Linux Daemons and Kerberos Tickets
Richard E. Silverman
res at qoxp.net
Wed Apr 8 02:04:06 EDT 2009
>>>>> "NS" == neelsmail <neelsmail at rediffmail.com> writes:
NS> Hi, I wanted to know whether there are any recommendations
NS> regarding following scenario:
NS> - In order to Linux daemons to be running in kerberos/Active
NS> Directory users' context, a (krbtgt) ticket is needed and is
NS> fetched by kinit. - But this ticket is usually valid for some
NS> time depending on user configuration and it needs to be renewed.
NS> Is there a recommended way of renewing/getting new ticket for the
NS> user?
Yes. The user reauthenticates with his or her password, typically once a day.
NS> One of the ways suggested to me was run kinit externally as
NS> cronjob for every user you want every n hours. But that seems
NS> dangerous to me.
NS> Putting kinit call to .bashrc sounds good to me but that will
NS> fetch ticket only for default duration. Is there a better way? Or
NS> how do admins do it usually?
NS> Thanks in advance, -Neel.
--
Richard Silverman
res at qoxp.net
More information about the Kerberos
mailing list