[OpenAFS-devel] Kerberos Authentication - kinit using STDIN

Pedro Rodrigues pedro.rodrigues@fct.unl.pt
Wed, 16 Feb 2011 14:27:46 +0000 

--001636427058df8a3e049c67163d
Content-Type: text/plain; charset=UTF-8

Dear all,

We are currently deploying the AFS system in our University and we would
like to provider our users
with a tool which eases the usage of AFS by doing the following steps using
the user credentials:
- Kerberos authentication;
- Obtain AFS tokens;
- Create symbolic links to the personal area and for all the groups the user
pertains to.

In Linux Heimdal client it is possible to pass the password to kinit via
STDIN: "echo $password | kinit $user@$realm --password-file=STDIN" .
However, to our best knowledge it is not possible to do the same in Windows
and Mac OS X.
We also need to execute kinit command on behalf of the user since there are
several users which username is of the form "name.surname".
Therefore, we need to authenticate them with principal name "name/username"
due to the AFS pts principal conversion.

Is there any way to execute kinit, or a similar command to perform Kerberos
authentication, without user intervention while using passwords instead of
keytabs?

Thank you,

Pedro Rodrigues
Computer Department
FCT - Universidade Nova de Lisboa

--001636427058df8a3e049c67163d
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

Dear all,<div><br></div><div>We are currently deploying the AFS system in o=
ur University and we would like to provider our users</div><div>with a tool=
 which eases the usage of AFS by doing the following steps using the user c=
redentials:</div>


<div>- Kerberos authentication;</div><div>- Obtain AFS tokens;</div><div>- =
Create symbolic links to the personal area and for all the groups the user =
pertains to.</div><div><br></div><div>In Linux Heimdal client it is possibl=
e to pass the password to kinit via STDIN: &quot;echo $password | kinit $us=
er@$realm --password-file=3DSTDIN&quot; .</div>


<div>However, to our best knowledge it is not possible to do the same in Wi=
ndows and Mac OS X.</div><div>We also need to execute kinit command on beha=
lf of the user since there are several users which username is of the form =
&quot;name.surname&quot;.</div>


<div>Therefore, we need to authenticate them with principal name &quot;name=
/username&quot; due to the AFS pts principal conversion.</div><div><br></di=
v><div>Is there any way to execute kinit, or a similar command to perform K=
erberos authentication, without user intervention while using passwords ins=
tead of keytabs?</div>


<div><br></div><div>Thank you,</div><div><br></div><div>Pedro Rodrigues</di=
v><div>Computer Department</div><div>FCT - Universidade Nova de Lisboa</div=
>

--001636427058df8a3e049c67163d--