Passwordless access to kadmin
Benjamin Kaduk
kaduk at MIT.EDU
Fri Jul 18 11:46:50 EDT 2014
On Fri, 18 Jul 2014, jarek wrote:
> Hello!
>
> How can I automatically get kadmin/kdc.domain at REALM ticket, so I can
> access kadmin without entering password second time ?
> If I have valid ticket I can connect with ssh, and ticket for
> host/server is created automatically. The same is with psql, but not for
> kadmin.
kadmin requires tickets with the INITIAL flag set, i.e., not granted from
the TGS.
You can use kinit -c FILE:/path/to/ccname -S kadmin/kdc.domain at REALM to
get such a service ticket and put it in the named cache. kadmin -c
FILE:/path/to/ccname should then successfully authenticate without
prompting for a password.
-Ben Kaduk
More information about the Kerberos
mailing list