I can't find k5start for openSUSE. I'll ask the guys over
at the suse list for that one.
Otherwise you could probably compile it yourself.
If I get time, I'll go through this on Ubuntu (where Geza pointed me to
k5start).
Thanks again.
Steve
Got an old k5start from the openSUSE vaults and got the keytab working
with it:
samba-tool domain exportkeytab /etc/nslcd.keytab --principal=nslcd-service
Then:
k5start -v -f /etc/nslcd.keytab -u nslcd-service -o nslcd-user -k
/tmp/krb5cc_0
Kerberos initialization for nslcd-service@SITE
k5start: authenticating as nslcd-service@SITE
k5start: getting tickets for krbtgt/SITE@SITE
It didn't ask for a password:)
A few bits of stuff.
This is not ideal. It renews every 5 mins, which too often. Probably
need some k5list --help
Maybe /tmp is a bad place to put the cache. On openSUSE (and probably
other distros), anyone can get in there and have a look around.
Don't get this:
ls -la /etc/nslcd.keytab
-rw------- 1 root root 178 Jan 20 15:19 /etc/nslcd.keytab
yet k5start can get at it.
I still think there must be a better way.
Cheers,
Steve
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
