Passwordless access to kadmin

Benjamin Kaduk kaduk at MIT.EDU
Fri Jul 18 11:46:50 EDT 2014


On Fri, 18 Jul 2014, jarek wrote:

> Hello!
>
> 	How can I automatically get kadmin/kdc.domain at REALM ticket, so I can
> access kadmin without entering password second time ?
> 	If I have valid ticket I can connect with ssh, and ticket for
> host/server is created automatically. The same is with psql, but not for
> kadmin.

kadmin requires tickets with the INITIAL flag set, i.e., not granted from 
the TGS.
You can use kinit -c FILE:/path/to/ccname -S kadmin/kdc.domain at REALM to 
get such a service ticket and put it in the named cache.  kadmin -c 
FILE:/path/to/ccname should then successfully authenticate without 
prompting for a password.

-Ben Kaduk


More information about the Kerberos mailing list