Davor Ocelic <[EMAIL PROTECTED]> wrote: > Just to drop in a quick comment. We were wondering how to perform > Kerberos5 and/or OpenAFS authentication without typing in user > passwords. > > The solution is to create a keytab file (with the user's key), which > the service will then use to authenticate. > > For example, to run "kadmin" with root/admin credentials and without > typing the password, you can do > > kadmin -k -p root/admin > > (-k implies you want to use /etc/krb5.keytab to get the data from). > This only works if the key for root/admin is actually found in the > keytab file and you can read the keytab file (mode 0600 by default).
You can also use a krb5cc directly (assuming you have credentials through some other process, this might be more useful.) kadmin -c $KRB5CCNAME > Since we want to run the daemons this way, it is better to use > k5start/krenew instead of kinit; those commands take care of both > ticket renewal and AFS tokens. (Thanks to Cristopher Clausen for > the hint). I've compiled the package from source, from Debian testing. Christopher has another "h" in it, but otherwise thanks for the credit. <<CDC -- Christopher D. Clausen _______________________________________________ HCoop-SysAdmin mailing list [email protected] http://hcoop.net/cgi-bin/mailman/listinfo/hcoop-sysadmin
