The KFW kinit does not allow keyboard redirection.
[Rodney steps onto soap box]
Unfortunately, since in my little world view, there is no distinction between levels of programming. Scripting is just as valid a way to code as calling libraries from C code. The kinit program does not allow stdin because someone made that executive decision at the developer level. It is not that way for any technical limitation. However, this is somewhat odd since the Sun version of "kinit" and the Solaris version of "kinit" that ships with MIT Kerberos both allow reading from STDIN.
If you want to get your hands dirty and disobey the developers you can try the hack to the KFW kinit. See the section "Bug in MIT's version of KINIT.EXE prevents reading passwords from stdin", in the document "The Integration of Kerberos V5, AFS, and Windows XP using the AFSLogonShell" here...
http://www.coe.uncc.edu/~rmdyer/krblogon.htm
This described hack was for the 1.3.1 version of kinit. I don't know if it still works with the latest version.
Hack at your own risk. I am not promoting this solution, however I do think that it is a valid way to provide a short term method of authentication. You should be cautioned however to not directly echo the password in a command line. Instead you should use the technique described in the section "Shouldn't use XP command shell ECHO for sending password to KINIT.EXE" from the same document.
Rodney
Luis Daniel Lucio Quiroz wrote:
> Helo All,
>
> I was wondering if there is away to make kerberos auth automatic. The fact is
> that I working on making a NT4 (samba) like domain work most closely like a
> 2k-alike domain (I'm interesting on Kerberos and single-singon feature). On
> PDC all services are already kerberized, using pam or native support.
>
> When a client sign on I can catch its password, so I would know if there is a
> way to use kinit command with out prompint,
>
> I have tried: echo passwor | kinit user and
> kinit user < pass.txt
>
> but both of two fails and display windows prompmt. Does any one knows
> something more easy? Or if tehre is a simple kerberos client that supports
> this?
>
>
> regards,
>
> LD
> ________________________________________________
> Kerberos mailing list [EMAIL PROTECTED]
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
-- ----------------- This e-mail account is not read on a regular basis. Please send private responses to jaltman at mit dot edu ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
