help with OTP
Matt Zagrabelny
mzagrabe at d.umn.edu
Fri Jan 5 09:31:44 EST 2024
On Wed, Apr 26, 2023 at 11:41 AM Matt Zagrabelny <mzagrabe at d.umn.edu> wrote:
> On Wed, Apr 26, 2023 at 11:29 AM Ken Hornstein <kenh at cmf.nrl.navy.mil>
> wrote:
>
>
> > It does occur to me a useful addition to kinit might be a flag that
> > means "authenticate using anonymous PKINIT and then use those
> > credentials as a FAST armour credential cache" so you wouldn't have
> > to muck around with juggling credential caches.
>
> That would be great and would eliminate an impending shell alias for me:
>
> alias kinit-otp='kinit -n -c /tmp/somecache; kinit -T /tmp/somecache'
>
Krb5 devs,
Any thoughts about extending kinit to natively perform the two step process
in the alias above? (And also have an option in /etc/krb5.conf so that it
is "on" by default?)
Maybe:
kinit --anonymous-cache-credentials
[libdefaults]
anonymous-cache-credentials = true
Thanks for the consideration!
-m
More information about the Kerberos
mailing list