Karen L Eldredge <[EMAIL PROTECTED]> wrote: > I'm not real familiar with Windows, because I mostly work on AIX or > Linux. AIX and Linux have the tool k5start that can be used to run > scheduled (cron) jobs by accessing the principal's password via a > keytab file. Is there something similar for Windows?
I use the "at" command to create scheduled tasks that run as the local SYSTEM user. These tasks automatically have access to the SYSTEM host principal ( [EMAIL PROTECTED] ) in the MSLSA cache for machines joined to Active Directory. You can then just have your script run aklog to obtain tokens (provided you create a PTS entry for the SYSTEM user.) Windows will auto-renew the tickets so you'd just need to periodically obtain new tokens. I don't have jobs that run long enough to need to renew tokens. If you want to run a job as a particular user, the same thing applies, only you have to actually enter the user's password to create the job. The user's Kerberos credentials are accessible in the same way. In theory you could write a short script that does the same thing as k5start but I'm not sure what it will gain you. The hard part of renewing tickets / tokens is handled by Windows if you are using Active Directory. <<CDC _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
