[36290] in Kerberos
Re: Passwordless access to kadmin
daemon@ATHENA.MIT.EDU (Benjamin Kaduk)
Fri Jul 18 11:47:04 2014
Date: Fri, 18 Jul 2014 11:46:50 -0400 (EDT)
From: Benjamin Kaduk <kaduk@mit.edu>
To: jarek <jarek@poczta.srv.pl>
In-Reply-To: <1405678645.16836.9.camel@jlap3.macro.local>
Message-ID: <alpine.GSO.1.10.1407181145470.21571@multics.mit.edu>
MIME-Version: 1.0
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
On Fri, 18 Jul 2014, jarek wrote:
> Hello!
>
> How can I automatically get kadmin/kdc.domain@REALM ticket, so I can
> access kadmin without entering password second time ?
> If I have valid ticket I can connect with ssh, and ticket for
> host/server is created automatically. The same is with psql, but not for
> kadmin.
kadmin requires tickets with the INITIAL flag set, i.e., not granted from
the TGS.
You can use kinit -c FILE:/path/to/ccname -S kadmin/kdc.domain@REALM to
get such a service ticket and put it in the named cache. kadmin -c
FILE:/path/to/ccname should then successfully authenticate without
prompting for a password.
-Ben Kaduk
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos