Hi,

We're working on creating a process that will automatically create a Kerberos principal for a user when they agree to the computer policies on a web page.

The user will use a web link that we sent with a hashed value that will take the user to a web page that will create their Kerberos principal if they agree to the computer usage terms. This web page is a transition and complement to an in-house written app that creates Kerberos principals on demand when a user shows valid ID to our helpdesk staff.

I'm looking for advice on how best to write a system that will be run by the web server and create the specified user account on demand and set the password. I plan to use a custom Kerberos principal for this purpose with the right to create principals on the KDC. The only thing that is passed in is the username and password. I was planning on storing this custom principal's keytab in a local file.

Besides having files readable only by root, only allowing the web server user to run the program, and verifying my input, how can I keep this relatively secure? This is a shared web server that serves PHP from our students' home pages, but no one besides staff members has shell access.

This seems like a simple process:

kinit with keytab
kadmin addprinc with new password
kdestroy

I'm just looking for the gotchas.

Thanks,
Jason
________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
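The input verification and kadmin call described in the message above, sketched as an added example (not part of the original post and not Jason's code). The realm, admin principal name, keytab path, reserved-name list, password length limits and the "created" output check are assumptions; kadmin is called with -k and -t so it authenticates from the keytab itself, without a separate kinit and kdestroy.

```python
import re
import subprocess

# Hypothetical values for illustration; none of these come from the post.
REALM = "EXAMPLE.EDU"
ADMIN_PRINC = "webcreate/admin@" + REALM
KEYTAB = "/etc/krb5kdc/webcreate.keytab"

# One lowercase component only: no '/', '@', whitespace or quotes, so a
# request can never name an instance such as "jdoe/admin" or another realm.
USERNAME_RE = re.compile(r"[a-z][a-z0-9_-]{1,30}")
RESERVED = {"root", "admin", "kadmin", "krbtgt", "host", "webcreate"}
# Characters that would change how kadmin tokenizes the -q query string.
BAD_PW_CHARS = set("\"'\\ \t\r\n\0")


def validate_username(name):
    if not isinstance(name, str) or not USERNAME_RE.fullmatch(name):
        raise ValueError("username not in allowed format")
    if name in RESERVED:
        raise ValueError("username is reserved")
    return name


def validate_password(pw):
    # Length limits are an assumed local policy.
    if not isinstance(pw, str) or not 10 <= len(pw) <= 128:
        raise ValueError("password length out of range")
    if any(c in BAD_PW_CHARS or not c.isprintable() for c in pw):
        raise ValueError("password contains a disallowed character")
    return pw


def build_kadmin_argv(username, password):
    user = validate_username(username)
    pw = validate_password(password)
    query = 'addprinc -pw "{}" {}@{}'.format(pw, user, REALM)
    # argv list, never a shell string: nothing here is parsed by /bin/sh.
    return ["kadmin", "-k", "-t", KEYTAB, "-p", ADMIN_PRINC, "-q", query]


def create_principal(username, password):
    argv = build_kadmin_argv(username, password)
    # Minimal environment so the web request cannot steer PATH or KRB5_CONFIG.
    env = {"PATH": "/usr/sbin:/usr/bin:/bin"}
    done = subprocess.run(argv, env=env, capture_output=True, text=True, timeout=30)
    # Assumed success marker in kadmin's output; the exit status alone is not relied on.
    return done.returncode == 0 and "created" in (done.stdout + done.stderr)
```

With this form the password sits in kadmin's argument list and is visible in the process table while the command runs, which matters on a shared host.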
