[37580] in Kerberos
Re: Login usecase
daemon@ATHENA.MIT.EDU (Brandon Allbery)
Mon Jul 18 10:45:20 2016
From: Brandon Allbery <ballbery@sinenomine.net>
To: Aneela Saleem <aneela@platalytics.com>,
"kerberos@mit.edu"
<kerberos@mit.edu>
Date: Mon, 18 Jul 2016 14:45:01 +0000
Message-ID: <36B28632-6182-40D7-BDDE-288E762DF7FD@sinenomine.net>
In-Reply-To: <CAC1K3K_Fi+8T37_jxHnd7rhrF4yBzCZd9G0xAVK1DSpA_8b=LQ@mail.gmail.com>
Content-Language: en-US
Content-ID: <4467EFFC67B4C94897C02E78BB624CBD@mex09.mlsrvr.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit
You are going to have to describe what you are trying to do in more detail. Keytabs are not normally used for this purpose, except in the case of automated procedures (e.g. cron) that need to log in to a service as if they are a user. Perhaps you have confused keytabs (“passwords” on disk) with ccaches (ephemeral service credentials, which may or may not be on disk and typically expire in a relatively short time)?
On 7/17/16, 16:04, "kerberos-bounces@mit.edu on behalf of Aneela Saleem" <kerberos-bounces@mit.edu on behalf of aneela@platalytics.com> wrote:
Hi all,
If a user logs into any kerberized Application, using Krb5LoginModule,
there is a function loginFromKeyTab. Client should have the key tab file to
login to application. But I think this is very insecure way of login.
Anyone who cloud access your key tab file then login to application. Is
there any appropriate way to login to system. I don't understand How to do
this. I'm stuck
Thanks
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
