Thanks! Dnia 2014-08-09, sob o godzinie 16:20 +0100, Dameon Wagner pisze: > On Sat, Aug 09 2014 at 00:41:07 -0400, Greg Hudson scribbled > in "Re: Machine authentication": > > On 08/08/2014 03:37 AM, jarek wrote: > > > Is it possible to receive ticket for host principal and use > > > this ticket for authentication ? > > > > Yes. Normally this is done using a keytab, in one of three ways: > > > > * krb5_get_init_creds_keytab from the application code. > > > > * kinit -k from the command line. (This will only work until the > > resulting tickets expire.) > > > > * Client keytab initiation (new in MIT krb5 1.11). Set the > > environment variable KRB5_CLIENT_KTNAME to FILE:/path/to/keytab, and > > set KRB5CCNAME to FILE:/some/path/writable/by/daemon/process. Don't > > create the ccache. The GSS application will create it automatically > > using the keytab, and will refresh it when needed. > > Another option that sits somewhere between options 2 and 3 is to use > Russ' very useful k5start tool [0] which will "Obtain and optionally > keep active a Kerberos v5 ticket" by creating a CCache and renewing it > when necessary. The page [0] explains it all better than I can, so > probably best to just give it a read through. > > Cheers. > > Dameon. > > [0](http://www.eyrie.org/~eagle/software/kstart/) >
________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
