[OpenAFS-devel] Kerberos Authentication - kinit using STDIN

Pedro Rodrigues pedro.rodrigues@fct.unl.pt
Wed, 16 Feb 2011 15:21:37 +0000


--001636427058809a81049c67d717
Content-Type: text/plain; charset=UTF-8

Dear all,

We are currently deploying the AFS system in our University and we would
like to provider our users
with a tool which eases the usage of AFS by doing the following steps using
the user credentials:
- Kerberos authentication;
- Obtain AFS tokens;
- Create symbolic links to the personal area and for all the groups the user
pertains to.

In Linux Heimdal client it is possible to pass the password to kinit via
STDIN: "echo $password | kinit $user@$realm --password-file=STDIN" .
However, to our best knowledge it is not possible to do the same in Windows
and Mac OS X.
We also need to execute kinit command on behalf of the user since there are
several users which username is of the form "name.surname".
Therefore, we need to authenticate them with principal name "name/username"
due to the AFS pts principal conversion.

Is there any way to execute kinit, or a similar command to perform Kerberos
authentication, without user intervention while using passwords instead of
keytabs?

Thank you,

Pedro Rodrigues
Computer Department
FCT - Universidade Nova de Lisboa

--001636427058809a81049c67d717
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<div class=3D"gmail_quote">Dear all,<div><br></div><div>We are currently de=
ploying the AFS system in our University and we would like to provider our =
users</div><div>with a tool which eases the usage of AFS by doing the follo=
wing steps using the user credentials:</div>



<div>- Kerberos authentication;</div><div>- Obtain AFS tokens;</div><div>- =
Create symbolic links to the personal area and for all the groups the user =
pertains to.</div><div><br></div><div>In Linux Heimdal client it is possibl=
e to pass the password to kinit via STDIN: &quot;echo $password | kinit $us=
er@$realm --password-file=3DSTDIN&quot; .</div>



<div>However, to our best knowledge it is not possible to do the same in Wi=
ndows and Mac OS X.</div><div>We also need to execute kinit command on beha=
lf of the user since there are several users which username is of the form =
&quot;name.surname&quot;.</div>



<div>Therefore, we need to authenticate them with principal name &quot;name=
/username&quot; due to the AFS pts principal conversion.</div><div><br></di=
v><div>Is there any way to execute kinit, or a similar command to perform K=
erberos authentication, without user intervention while using passwords ins=
tead of keytabs?</div>



<div><br></div><div>Thank you,</div><div><br></div><font color=3D"#888888">=
<div>Pedro Rodrigues</div><div>Computer Department</div><div>FCT - Universi=
dade Nova de Lisboa</div>
</font></div><br>

--001636427058809a81049c67d717--