[OpenAFS] Re: Cron Jobs for "Regular" Users
Andrew Deason
adeason@sinenomine.net
Thu, 28 Jan 2010 14:37:27 -0600
On Thu, 28 Jan 2010 21:04:55 +0100
Holger Rauch <holger.rauch@empic.de> wrote:
> Hi Russ,
>
> thanks a lot for your reply.
>
> On Thu, 28 Jan 2010, Russ Allbery wrote:
>
> > [...]
> > ktadd -norandkey will do this automatically. ktutil doesn't seem
> > like the right tool to use if you're using MIT Kerberos (it's the
> > right tool to use if you're using Heimdal).
>
> The problem is that I don't want to "destroy" my regular user's
> princ. (I'm afraid that once I ktadd a princ to a keytab, I can't
> login anymore interactively using that principal because of the
> increased kvno). In case I'm wrong, please feel free to correct me. (I
> would have preferred to use ktadd right from the start, but the
> aforementioned fears kept me away from using it).
The -norandkey option is what leaves the keys the same, so users can
still kep using the same password. It requires a rather newish kadmin,
though, doesn't it? I don't know the version it comes with, but it
doesn't seem to exist with lenny's packages.
--
Andrew Deason
adeason@sinenomine.net