[39218] in Kerberos
Is there a way to steer kinit to a specific kdc?
daemon@ATHENA.MIT.EDU (Dan Mahoney (Gushi))
Wed Apr 5 00:58:45 2023
Date: Tue, 4 Apr 2023 21:52:58 -0700 (PDT)
From: "Dan Mahoney (Gushi)" <danm@prime.gushi.org>
To: kerberos@mit.edu
Message-ID: <4c59d692-3d8a-553-20e8-388e7446f37@prime.gushi.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Errors-To: kerberos-bounces@mit.edu
Hey there all.
I'm writing up a Nagios check to make sure our KDC's are answering, and
rather than just sending a tcp/udp probe to port 88, I want to actually
get a ticket, probably by using a keytab and an otherwise unprivileged
user.
I'm reading about one such plugin, here:
https://exchange.nagios.org/directory/Plugins/Security/check_kdc/details
and it looks *okay*. I'm not super invested in reinventing the wheel.
It's a fairly simple shell script.
It *looks* like, in order to check basically fakes this out with a
krb5.conf that only includes a single KDC (the one being tested).
Is that really the best way to go about it?
Can neither mit kinit nor the heimdal one supplied with BSD systems by
default, not just be forced to a single KDC?
-Dan
--
--------Dan Mahoney--------
Techie, Sysadmin, WebGeek
Gushi on efnet/undernet IRC
FB: fb.com/DanielMahoneyIV
LI: linkedin.com/in/gushi
Site: http://www.gushi.org
---------------------------
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
