[33266] in Kerberos
Re: Trying to use Windows Netidmgr with Keytab
daemon@ATHENA.MIT.EDU (Jeffrey Altman)
Mon Mar 14 10:37:15 2011
Date: Mon, 14 Mar 2011 10:37:03 -0400
From: Jeffrey Altman <jaltman@secure-endpoints.com>
To: kerberos@mit.edu
On 3/14/2011 10:12 AM, Murray Trainer wrote:
> Hi,
>
> I am using the latest Kerberos for Windows from Secure Endpoints. I
> created the Windows DOS batch file below that obtains my kerberos 5
> tickets using a keytab file.
>
> set krb_user=murray
> set KRB5CCNAME=FILE:c:\krb5cc_%krb_user%
> set KRB5_KTNAME=\%krb_user%.keytab
> kinit -5 -r 7d -k -t C:\%krb_user%.keytab %krb_user%@MYDOMAIN.NET
> start /min C:\"Program Files"\MIT\Kerberos\bin\netidmgr.exe
>
> The kinit line works and if I do a klist I have kerberos 5 tickets. The
> last line in the script is intended to start Windows Netidmgr so it
> automatically renews these tickets using the keytab file. Netidmgr
> starts and if I maximise it my identity is greyed out and my tickets
> don't get renewed unless I manually renew them by entering my password.
> After that my tickets are renewed automatically. Is there any way of
> making Netidmgr use the Keytab file instead of requiring passwords be
> entered?
>
> Any assistance is appreciated
>
> Thanks
>
> Murray
NetIdMgr doesn't know to look for your FILE: cache since it has no
method of enumerating FILE caches. You need to manually add your FILE
cache to the search list on the Options->Kerberos v5->Credential Caches
page. Once that is done NetIdMgr will be able to recognize and renew
the credentials.
Built-in support for keytab based identities is on the list of items we
wish to add but I'm not sure when it will be done.
Jeffrey Altman