Hi Andrew (and all the other list members),

ok, first I'd like to admit that this is actually rather Kerberos- than OpenAFS-related. Sorry for that, but I want to be able to issue cron jobs as an OpenAFS user without having to create both new, dedicated "<user_name>/cron" princs and the associated new PTS entries and would rather like to "reuse" the "regular" user princs already created for interactive logins. (I'm aware that dedicated cron job princs would offer additional security.)

On Wed, 30 Dec 2009, Andrew Deason wrote:
> [...]
> I believe at least MIT's ktutil allows you to create a keytab from a
> known password (and kvno and enctype). See the add_entry -password
> command in ktutil. That doesn't seem like much less work than creating
> new princs, though...

I tried to follow your suggestion. I had come across this mail:

http://www.mail-archive.com/[email protected]/msg03229.html

However, when following the steps described in there, I get the following error message after having invoked kinit:

    kinit(v5): Key table entry not found while getting initial credentials

Interestingly enough, when I do

    klist -ek <keytab_file>

the entry appears. So, I'm quite puzzled by the error message.

- Could it be that the kvno doesn't match?
- What's the default kvno for princs that are created interactively from within kadmin using the "addprinc" command?
- In case I want to reuse a regular user princ from within a keytab in order to be able to do "kinit -kt <keytab_file> <princ>" from within a crontab entry, do I have to pass the same kvno as an argument to the "-k" switch of ktutil's "addent" command?

Any clarification is greatly appreciated. Thanks in advance.

Kind regards,
Holger
