Hi Russ (and all the others as well),

I came across
http://www.eyrie.org/~eagle/software/kstart/k5start.html
and saw the following excerpt (sample code) for use in (Debian) init scripts

===
Starts k5start as a daemon using the Debian start-stop-daemon management program. This is the sort of line that one could put into a Debian init script:

    start-stop-daemon --start --pidfile /var/run/k5start.pid \
        --exec /usr/local/bin/k5start -- -b -p /var/run/k5start.pid \
        -f /etc/krb5.keytab host/example.com

This uses /var/run/k5start.pid as the PID file and obtains host/example.com tickets from the system keytab file. k5start would then be stopped with:

    start-stop-daemon --stop --pidfile /var/run/k5start.pid
    rm -f /var/run/k5start.pid

This code could be added to an init script for Apache, for example, to start a k5start process alongside Apache to manage its Kerberos credentials.
===

My questions:

- When using k5start in this way, should only host principals be used or should it also work with user principals?

- What maximum ticket lifetime is assumed/recommended for the used principal(s) so that this particular approach works as expected? (By "as expected" I mean that Apache runs possibly indefinitely (provided that the Apache process doesn't dump core :-) ), i.e. without having to be restarted manually just in order to obtain a new, "fresh" Kerberos ticket for the corresponding principal).

Thanks in advance & kind regards,
Holger
________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
