What we do in our environment is create "service users" that are designated for certain tasks. Say you need to run a rsync job every night, after the user is created, you will need to create a keytab. Then copy the keytab file over to the box that the cronjob will run on. Then at the top of the script (which is called from the cronjob), add something like this:
/usr/kerberos/bin/kdestroy
/usr/kerberos/bin/kinit -k -t /home/srv_rsync/srv_rsync.keytab srv_rsync@MYDOMAIN.LOCAL
And you can verify that you have a TGT by using the klist command.
-Mike
/usr/kerberos/bin/kdestroy
/usr/kerberos/bin/kinit -k -t /home/srv_rsync/srv_rsync.keytab srv_rsync@MYDOMAIN.LOCAL
And you can verify that you have a TGT by using the klist command.
-Mike
-----Original Message-----
From: Thomas Lau
Sent: Nov 6, 2014 8:20 PM
To: freeipa-users
Subject: [Freeipa-users] Kerberos for cronjoob
Hi,
Is it possible to renew ticket once in a while for cronjob to run on certain users? How do you guys run cronjob on Kerberos user without getting ticket expire?
Sent from my BlackBerry 10 smartphone.
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
