--On Wednesday, February 16, 2011 03:21:37 PM +0000 Pedro Rodrigues
<[email protected]> wrote:

> In Linux Heimdal client it is possible to pass the password to kinit via
> STDIN: "echo $password | kinit $user@$realm --password-file=STDIN".
> However, to our best knowledge it is not possible to do the same in
> Windows and Mac OS X.
>
> We also need to execute kinit command on behalf of the user since there
> are several users whose username is of the form "name.surname".
> Therefore, we need to authenticate them with principal name
> "name/username" due to the AFS pts principal conversion.

OK, but why do you need to collect the password and pass it along, rather
than simply allowing kinit to collect the password directly from the user?

If you are actually using a shell script such as you describe above, there
are all sorts of opportunities for trouble caused by passwords containing
things you didn't expect. And, unless you're _very_ careful, you're
risking exposing the password to other users on the machine, in a variety
of ways.

If you really must collect the password yourself, consider doing so in a
compiled program from which you can call the Kerberos API. There are
functions available for obtaining tickets and/or verifying user login,
given a principal name and password.

Finally, this is really a Kerberos question, not something related to the
development of OpenAFS. You might get a better response asking on the
[email protected] mailing list instead of here.

-- Jeffrey T. Hutzelman (N3NHS) <[email protected]>
Carnegie Mellon University - Pittsburgh, PA
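
Added example, not part of the original message or of any project's code: a shell sketch of the "passwords containing things you didn't expect" problem with the quoted `echo $password | kinit ...` pipeline. It compares the bytes that reach stdin from the unquoted form and from a quoted `printf` form; the function names and sample passwords are constructed for illustration, and a hex dump stands in for kinit.

```sh
#!/bin/sh
# Added example; the passwords below are constructed samples.

# Fragile: the form quoted in the thread. The unquoted expansion undergoes
# word splitting and pathname expansion, and echo may parse it as an option.
send_unquoted() {
    password=$1
    echo $password
}

# Sturdier: quoted expansion and a fixed printf format write the bytes
# unchanged. printf is a builtin in bash and dash, so the password is not
# placed on another process's command line.
send_quoted() {
    password=$1
    printf '%s\n' "$password"
}

# Hex dump of stdin, standing in for what the consumer would read.
stdin_hex() { od -An -tx1 | tr -d ' \n'; }

# survives SENDER PASSWORD: succeed only if SENDER delivers PASSWORD plus a
# newline intact. Runs in a scratch directory holding one file so that glob
# characters in the password have something to match.
survives() (
    dir=$(mktemp -d) || exit 2
    cd "$dir" || exit 2
    : > notes.txt
    expected=$(printf '%s\n' "$2" | stdin_hex)
    actual=$("$1" "$2" | stdin_hex)
    status=0
    [ "$expected" = "$actual" ] || status=1
    cd / && rm -rf "$dir"
    exit "$status"
)

# Report each sample: doubled space, glob character, option-like value.
for pw in 'two  spaces' '*' '-n'; do
    for sender in send_unquoted send_quoted; do
        if survives "$sender" "$pw"; then r=intact; else r=MANGLED; fi
        printf '%-13s %-15s %s\n' "$sender" "[$pw]" "$r"
    done
done
```

How echo treats backslashes in the value also differs between shells, which is one more reason to prefer the printf form.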