On Thu, Aug 24, 2017 at 04:49:58PM +0000, John D'Ausilio wrote: > The system I'm doing a POC with uses local accounts in production on both > linux and windows boxes, which are headless. > On linux, k5start with a keytab for the afs user works fine for keeping a > fresh token available for the local account. > On windows, I'm having problems getting similar functionality. > First attempt was a scheduled task as the local user to kinit with the keytab > and then aklog .. it runs without errors but other shells (new or existing) > for the same user don't see any tickets (klist) or tokens. Separate caches?
I don't have any actual answers, but will note that some windows versions include a klist binary that may not know about externally-acquired tickets (as opposed to the klist binary that came with the external Kerberos implementation), and the cache type (FILE: or otherwise) is potentially relevant. -Ben > Second attempt was with Network Identity Manager, which would be perfect if I > can figure out how to make it use my keytab instead of typing a password. > Anyone have another solution? _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
