Linux Daemons and Kerberos Tickets

Richard E. Silverman res at qoxp.net
Wed Apr 8 02:04:06 EDT 2009


>>>>> "NS" == neelsmail  <neelsmail at rediffmail.com> writes:

    NS> Hi, I wanted to know whether there are any recommendations
    NS> regarding following scenario:

    NS> - In order to Linux daemons to be running in kerberos/Active
    NS> Directory users' context, a (krbtgt) ticket is needed and is
    NS> fetched by kinit.  - But this ticket is usually valid for some
    NS> time depending on user configuration and it needs to be renewed.

    NS> Is there a recommended way of renewing/getting new ticket for the
    NS> user?

Yes.  The user reauthenticates with his or her password, typically once a day.

    NS> One of the ways suggested to me was run kinit externally as
    NS> cronjob for every user you want every n hours. But that seems
    NS> dangerous to me.

    NS> Putting kinit call to .bashrc sounds good to me but that will
    NS> fetch ticket only for default duration. Is there a better way? Or
    NS> how do admins do it usually?

    NS> Thanks in advance, -Neel.


-- 
  Richard Silverman
  res at qoxp.net




More information about the Kerberos mailing list