SSSD and Kerberos tickets
sgallagh at redhat.com
Tue Aug 17 19:59:15 UTC 2010
-----BEGIN PGP SIGNED MESSAGE-----
On 08/17/2010 03:25 PM, Christoph Höger wrote:
> Am 17.08.2010 15:45, schrieb Stephen Gallagher:
>> On 08/17/2010 04:51 AM, Christoph Höger wrote:
>>> Hi all,
>>> I'd like to get a kerberos ticket everytime I login to my f13 box, and
>>> run aklog afterwards automagically. The second part can be handled with
>>> kstart, but how do I get the first part with the new authconfig/sssd
>>> tools done? To make things a little bit more difficult: I have a local
>>> username that's different from my kerberos user name.
>>> Any ideas?
>> The easiest way is to not use a separate local username. With SSSD, it
>> can cache the credentials so you can still log on with your kerberos
>> password when you're not connected to the network.
>> So if you set up your user account to log in with SSSD's kerberos, it
>> will automatically get you a TGT during login (or, if you log in
>> offline, it can be configured to automatically get the TGT once you go
>> online, such as connecting to a VPN).
>> Of course, the catch here is that your kerberos user needs to be linked
>> to a user account on a centrally-managed database, ideally LDAP.
> Ok, since my university does not give me any infos about that LDAP (and
> I do not want to rely on their IT for logging in locally), is there no
> other solution to simply run kstart from pam and querying for the ticket
> password at startup with sssd?
SSSD isn't going to help you in this case. What you probably just want
to do is write a script to include in your .bash_profile script so that
when you log in, your shell calls "cat /path/to/mysecretpassword.txt
|kinit" when you log in.
Delivering value year after year.
Red Hat ranks #1 in value among software vendors.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
-----END PGP SIGNATURE-----
More information about the users