On Tue, Apr 7, 2009 at 3:10 PM, <[email protected]> wrote:
> Hi,
>
> I wanted to know whether there are any recommendations regarding
> following scenario:
>
> - In order to Linux daemons to be running in kerberos/Active Directory
> users' context, a (krbtgt) ticket is needed and is fetched by kinit.
> - But this ticket is usually valid for some time depending on user
> configuration and it needs to be renewed.
>
> Is there a recommended way of renewing/getting new ticket for the
> user?
>
> One of the ways suggested to me was run kinit externally as cronjob
> for every user you want every n hours. But that seems dangerous to me.

If you mean a daemon which requires kerberos authentication (for
example sshd or httpd) you don't need to kinit anything but use a
keytab, that is read when required.
If you mean a daemon which acts as a client, then you need a TGT for
that user/daemon, and either you code the kinit stuff within, or
you use kinit from an external cron. I don't see any other alternatives.

Javier Palacios
________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
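
The external-cron option from the reply above, as an added example that is not part of the original message: a wrapper that cron runs as the daemon's own user, using a keytab rather than a stored password. The function name refresh_tgt, the paths and the principal are placeholders chosen for illustration.

```shell
#!/bin/sh
# Added example: keep a client daemon's TGT fresh from cron.
# refresh_tgt, the paths and the principal are illustrative assumptions.

# refresh_tgt KEYTAB PRINCIPAL CCACHE
# Returns 0 if CCACHE holds a usable TGT afterwards, non-zero otherwise.
refresh_tgt() {
    keytab=$1 principal=$2 ccache=$3

    # The keytab holds the principal's long-term key: refuse to use it
    # if group or others have any access to the file.
    if [ ! -f "$keytab" ]; then
        echo "refresh_tgt: keytab $keytab not found" >&2
        return 2
    fi
    perms=$(ls -ld -- "$keytab" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "refresh_tgt: $keytab is accessible to group/other" >&2
        return 3
    fi

    # Point klist and kinit at the daemon's own credential cache.
    KRB5CCNAME=$ccache
    export KRB5CCNAME

    # Cache still valid: try to renew the existing TGT (kinit -R).
    if klist -s && kinit -R 2>/dev/null; then
        return 0
    fi

    # Expired, missing or not renewable: get a new TGT from the keytab.
    kinit -k -t "$keytab" "$principal"
}

# Run only when called with arguments, e.g. from the daemon user's crontab
# (constructed paths and principal):
#   0 */4 * * * /usr/local/bin/refresh_tgt.sh /etc/mydaemon/client.keytab mydaemon@EXAMPLE.COM /var/run/mydaemon/krb5cc
if [ "$#" -eq 3 ]; then
    refresh_tgt "$@"
fi
```

Choose a cron interval shorter than the ticket lifetime so the daemon never sees an expired cache.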
