Trying to use Windows Netidmgr with Keytab

Jeffrey Altman jaltman at secure-endpoints.com
Mon Mar 14 10:37:03 EDT 2011


On 3/14/2011 10:12 AM, Murray Trainer wrote:
> Hi,
> 
> I am using the latest Kerberos for Windows from Secure Endpoints.  I created the Windows DOS batch file below that obtains my Kerberos 5 tickets using a keytab file.
> 
> set krb_user=murray
> set KRB5CCNAME=FILE:c:\krb5cc_%krb_user%
> set KRB5_KTNAME=\%krb_user%.keytab
> kinit -5 -r 7d -k -t C:\%krb_user%.keytab %krb_user%@MYDOMAIN.NET
> start /min C:\"Program Files"\MIT\Kerberos\bin\netidmgr.exe
> 
> The kinit line works and if I do a klist I have Kerberos 5 tickets.  The last line in the script is intended to start Windows Netidmgr so it automatically renews these tickets using the keytab file.  Netidmgr starts and if I maximise it my identity is greyed out and my tickets don't get renewed unless I manually renew them by entering my password.  After that my tickets are renewed automatically.  Is there any way of making Netidmgr use the Keytab file instead of requiring passwords be entered?
> 
> Any assistance is appreciated
> 
> Thanks
> 
> Murray  

NetIdMgr doesn't know to look for your FILE: cache since it has no
method of enumerating FILE caches.  You need to manually add your FILE
cache to the search list on the Options->Kerberos v5->Credential Caches
page.  Once that is done NetIdMgr will be able to recognize and renew
the credentials.

Built-in support for keytab based identities is on the list of items we
wish to add but I'm not sure when it will be done.

Jeffrey Altman
