What I would do in your situation is
kinit -c FILE:cachename -k -t FILE:keyfile
and then start your service with KRB5CCNAME set to FILE:cachename
that is your best shot at ensuring that the cache is not accessed by other
services.
FILE:cachename should be in a directory that is only accessib
Are there any special circumstances to be aware of for a Windows Service
to access a credentials cache which was created outside the context of the
service?
I have a user running an application as a Windows Service. The service
eventually calls a cvs command which accesses the repository via s
Hi Marcus,
it seems that i can't even kinit over scotty
bash-2.05# kinit scotty
Password for [EMAIL PROTECTED]:
kinit: Preauthentication failed while getting initial credentials
same error as that of kadmin
How can i turn off REQUIRES_PRE_AUTH on the principal?
Thanks,
Scotty
Marcus Watts <
At 2007-02-16 10:30, [EMAIL PROTECTED] said:
> Otherwise I think setting KRB5_KTNAME in some kind of startup script
> as mentioned by Daniel and Simon in the two other responses is an
> adequate solution.
you also can set the variable directly within your code with putenv(),
if you want to read t
> "Peger," == Peger, Daniel Heinrich <[EMAIL PROTECTED]> writes:
Peger,> Hi, could you perhaps point me to the methods in the MIT
Peger,> KRB5 API (LIBKRB5.a) that can be used to make the GSSAPI
Peger,> methods use a non default keytab? In the API docs I'm
Peger,> seeing only m
Thanks,
are these methods documented anywhere? They seem to be part of the
gssapi library and are declared in gssapi_krb5.h (MIT release) but there
are no comments or anything on these...
Regards
-Original Message-
From: Simon Wilkinson [mailto:[EMAIL PROTECTED]
Sent: Friday, February
How long of characters does the kerberos client can handle? Is there a
way to still use that name?
# mkuser registry=KRB5Afiles SYSTEM=KRB5Afiles
auth_domain=vcn.ds.volvo.net EN-GHAN-T-STD
3004-694 Error adding "EN-GHAN-T-STD" : Name is too long.
K
Hi,
could you perhaps point me to the methods in the MIT KRB5 API
(LIBKRB5.a) that can be used to make the GSSAPI methods use a non
default keytab? In the API docs I'm seeing only method to specify a
keytab for the authentication methods in the MIT API only.
>From what I see in the MIT API docs I