[36350] in Kerberos
Re: Machine authentication
daemon@ATHENA.MIT.EDU (Greg Hudson)
Sat Aug 9 00:41:25 2014
Message-ID: <53E5A663.2000807@mit.edu>
Date: Sat, 09 Aug 2014 00:41:07 -0400
From: Greg Hudson <ghudson@mit.edu>
MIME-Version: 1.0
To: jarek <jarek@poczta.srv.pl>, kerberos <kerberos@mit.edu>
In-Reply-To: <1407483426.13274.13.camel@jlap3.macro.local>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
On 08/08/2014 03:37 AM, jarek wrote:
> Is it possible to receive ticket for host principal and use this ticket
> for authentication ?
Yes. Normally this is done using a keytab, in one of three ways:
* krb5_get_init_creds_keytab from the application code.
* kinit -k from the command line. (This will only work until the
resulting tickets expire.)
* Client keytab initiation (new in MIT krb5 1.11). Set the environment
variable KRB5_CLIENT_KTNAME to FILE:/path/to/keytab, and set KRB5CCNAME
to FILE:/some/path/writable/by/daemon/process. Don't create the ccache.
The GSS application will create it automatically using the keytab, and
will refresh it when needed.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
