TGT from keytab w/ preauth required?

Michael B Allen mba2000 at
Sun May 28 13:23:32 EDT 2006

On Sun, 28 May 2006 13:51:54 +0100
"Markus Moeller" <huaraz at> wrote:

> We use a Windows kdc and a tool like Dan Perrys msktutil to create keytabs 
> with service principals like ftpbatch/client1.
> We then do something like
> kinit -c ./cache.$$ -l 2m -kt keytab ftpbatch/client1; set 
> KRB5CCNME=./cache.$$, ftp -x <cmdinput ; kdestroy
> for a batch ftp process. msktutil has also an option to re-extract the 
> service principal with a new random password which you could use from a 
> cronjob to change the keytab once a month to avoid misuse of old backups.
> Is it that you try to achieve only in a program ?

Yes. Except the functionality is in the form of a library so I will
need to consider that a process may be running indefinitely and handle
expired keys, reauthenticate as necessary, etc.


More information about the krbdev mailing list