[OpenAFS] Re: Cron Jobs for "Regular" Users
Andrew Deason
adeason@sinenomine.net
Wed, 27 Jan 2010 10:35:14 -0600
On Wed, 27 Jan 2010 16:27:59 +0100
Holger Rauch <holger.rauch@empic.de> wrote:
> - Could it be that the kvno doesn't match?
>
> - What's the default kvno for princs that are created interactively
> from within kadmin using the "addprinc" command?
>
> - In case I want to reuse a regular user princ from within a keytab in
> order to be able to do "kinit -kt <keytab_file> <princ>" from within
> a crontab entry, do I have to pass the same kvno as an argument to
> the "-k" switch of ktutil's "addent" command?
>
> Any clarification is greatly appreciated. Thanks in advance.
I thought I sent a response to this, but I'm not seeing it. I don't know
if I feel like retyping the whole thing, but the gist of it was the
example:

(summary: 'kvno' can tell you the kvno, and 'klist -e' can tell you the
enctype)

$ kinit adeason
Password for adeason@LOCALCELL:
$ klist -e
Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: adeason@LOCALCELL
Valid starting     Expires            Service principal
01/27/10 10:28:36  01/28/10 10:28:36  krbtgt/LOCALCELL@LOCALCELL
        Etype (skey, tkt): Triple DES cbc mode with HMAC/sha1, Triple DES cbc mode with HMAC/sha1
$ kvno -c /tmp/krb5cc_1000 adeason
adeason@LOCALCELL: kvno = 1
$ kdestroy
$ ktutil
ktutil: addent -password -p adeason -k 1 -e des3-cbc-sha1
Password for adeason@LOCALCELL:
ktutil: wkt foo.keytab
ktutil:
$ kinit -k -t foo.keytab adeason
$ echo $?
0
--
Andrew Deason
adeason@sinenomine.net
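
Added example, not part of the original message: a pre-flight check a cron wrapper could run before "kinit -k -t", comparing the kvno that 'kvno' reports with the kvno stored in the keytab. The sample outputs are constructed, the function names are hypothetical, and the "klist -k -t -e" table layout (KVNO, date, time, principal) is assumed to be MIT Kerberos'.

```shell
#!/bin/sh
# Added example: does the keytab hold a key with the kvno the KDC reports?
# Function names are hypothetical; the sample outputs are constructed.

SAMPLE_KVNO_OUT='adeason@LOCALCELL: kvno = 1'
SAMPLE_KLIST_OUT='Keytab name: FILE:foo.keytab
KVNO Timestamp         Principal
---- ----------------- ------------------------------
   1 01/27/10 10:30:00 adeason@LOCALCELL (des3-cbc-sha1)'

# kdc_kvno PRINC: read `kvno` output on stdin, print the number from the
# line "PRINC: kvno = N".
kdc_kvno() {
    awk -v p="$1" '$1 == p":" && $2 == "kvno" && $3 == "=" { print $4; exit }'
}

# keytab_kvnos PRINC: read `klist -k -t -e` output on stdin, print every
# kvno stored for PRINC. Header lines are skipped (first field not numeric).
keytab_kvnos() {
    awk -v p="$1" '$1 ~ /^[0-9]+$/ && $4 == p { print $1 }' | sort -un
}

# check_keytab PRINC KVNO_OUTPUT KLIST_OUTPUT
# Prints match (returns 0), mismatch or missing (returns 1),
# or unknown (returns 2) when the kvno output has no line for PRINC.
check_keytab() {
    want=$(printf '%s\n' "$2" | kdc_kvno "$1")
    have=$(printf '%s\n' "$3" | keytab_kvnos "$1")
    if [ -z "$want" ]; then echo "unknown"; return 2; fi
    if [ -z "$have" ]; then echo "missing"; return 1; fi
    for k in $have; do
        if [ "$k" = "$want" ]; then echo "match"; return 0; fi
    done
    echo "mismatch"
    return 1
}

# Demo on the constructed samples.
check_keytab adeason@LOCALCELL "$SAMPLE_KVNO_OUT" "$SAMPLE_KLIST_OUT"

# Live use (needs a valid ticket cache and the keytab written above):
#   check_keytab adeason@LOCALCELL "$(kvno adeason)" "$(klist -k -t -e foo.keytab)"
```

A "mismatch" result means the keytab entry has to be re-created with the current kvno passed to addent's -k switch, as in the session above.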