Machine authentication
Greg Hudson
ghudson at MIT.EDU
Sat Aug 9 00:41:07 EDT 2014
On 08/08/2014 03:37 AM, jarek wrote:
> Is it possible to receive ticket for host principal and use this ticket
> for authentication ?
Yes. Normally this is done using a keytab, in one of three ways:

* krb5_get_init_creds_keytab from the application code.
* kinit -k from the command line. (This will only work until the
  resulting tickets expire.)
* Client keytab initiation (new in MIT krb5 1.11). Set the environment
  variable KRB5_CLIENT_KTNAME to FILE:/path/to/keytab, and set KRB5CCNAME
  to FILE:/some/path/writable/by/daemon/process. Don't create the ccache.
  The GSS application will create it automatically using the keytab, and
  will refresh it when needed.
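
The client keytab setup from the reply above, as an added example that is not part of the original message: a shell function a daemon's start script could call before launching the GSS application. The function name `setup_client_keytab`, its return codes and the owner-only permission check on the keytab are assumptions added here, not something the message specifies.

```shell
#!/bin/sh
# Added example: prepare the environment for client keytab initiation
# (MIT krb5 1.11 or later), then let the GSS application acquire and
# refresh its own tickets.
#
# Usage (hypothetical paths): setup_client_keytab KEYTAB CCACHE && exec daemon
# Return codes (assumed convention): 0 ok, 1 keytab missing or unreadable,
# 2 keytab accessible to group/others, 3 ccache directory not usable.

setup_client_keytab() {
    kt_path=$1
    cc_path=$2

    # The keytab must exist and be readable by the account running the daemon.
    if [ ! -f "$kt_path" ] || [ ! -r "$kt_path" ]; then
        echo "keytab $kt_path is missing or unreadable" >&2
        return 1
    fi

    # A keytab holds the principal's long-term keys, so refuse one that
    # grants any access to group or others (columns 5-10 of the ls mode).
    kt_perms=$(ls -ld "$kt_path" | cut -c5-10)
    if [ "$kt_perms" != "------" ]; then
        echo "keytab $kt_path is accessible to group/others; chmod 600 it" >&2
        return 2
    fi

    # The ccache itself is deliberately NOT created here: the GSS
    # application creates it from the keytab. Only its directory has to
    # exist and be writable by the daemon.
    cc_dir=$(dirname "$cc_path")
    if [ ! -d "$cc_dir" ] || [ ! -w "$cc_dir" ]; then
        echo "ccache directory $cc_dir is missing or not writable" >&2
        return 3
    fi

    KRB5_CLIENT_KTNAME="FILE:$kt_path"
    KRB5CCNAME="FILE:$cc_path"
    export KRB5_CLIENT_KTNAME KRB5CCNAME
    return 0
}
```
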