KfW 3.1 accessing credentials cache from Windows Service
petesea@bigfoot.com
petesea at bigfoot.com
Sat Feb 17 02:13:10 EST 2007
Are there any special circumstances to be aware of for a Windows Service
to access a credentials cache which was created outside the context of the
service?
I have a user running an application as a Windows Service. The service
eventually calls a cvs command which accesses the repository via ssh using
gssapi-with-mic authentication.
The credentials cache needs to be created/renewed automatically, therefore
we will be calling kinit with a keytab/principal... probably with a
specific cache defined via KRB5CCNAME.
There is no hook into the application service to call kinit so it must be
called external to the service.
- Can the service be started using the "Local System account" or must it
be started as a specific user?
- If KRB5CCNAME is defined as a "System Variable", will the service and
some other scheduled process be able to access the SAME credentials cache?
- Does it matter what TYPE of credentials cache (API, FILE)?
- If KRB5CCNAME is NOT defined... in other words both the service and
automated kinit will use the default value, will that make any difference?
More information about the Kerberos
mailing list