TGT from keytab w/ preauth required?
Michael B Allen
mba2000 at ioplex.com
Sun May 28 13:23:32 EDT 2006
On Sun, 28 May 2006 13:51:54 +0100
"Markus Moeller" <huaraz at moeller.plus.com> wrote:
> We use a Windows kdc and a tool like Dan Perrys msktutil to create keytabs
> with service principals like ftpbatch/client1.
> We then do something like
> kinit -c ./cache.$$ -l 2m -kt keytab ftpbatch/client1; set
> KRB5CCNME=./cache.$$, ftp -x <cmdinput ; kdestroy
> for a batch ftp process. msktutil has also an option to re-extract the
> service principal with a new random password which you could use from a
> cronjob to change the keytab once a month to avoid misuse of old backups.
> Is it that you try to achieve only in a program ?
Yes. Except the functionality is in the form of a library so I will
need to consider that a process may be running indefinitely and handle
expired keys, reauthenticate as necessary, etc.
More information about the krbdev