[OpenAFS] Re: Cron Jobs for "Regular" Users

Holger Rauch holger.rauch@empic.de
Wed, 27 Jan 2010 16:27:59 +0100


Hi Andrew (and all the other list members),

ok, first I'd like to admit that this is actually rather Kerberos- than
OpenAFS-related. Sorry for that, but I want to be able to issue cron
jobs as an OpenAFS user without having to create both new, dedicated
"<user_name>/cron" princs and the associated new PTS entries and
would rather like to "reuse" the "regular" user princs already
created for interactive logins. (I'm aware that dedicated cron job
princs would offer additional security).

On Wed, 30 Dec 2009, Andrew Deason wrote:

> [...]
> I believe at least MIT's ktutil allows you to create a keytab from a
> known password (and kvno and enctype). See the add_entry -password
> command in ktutil. That doesn't seem like much less work than creating
> new princs, though...

I tried to follow your suggestion. I had come across this mail:


However, when following the steps described in there, I get the
following error message after having invoked kinit:

kinit(v5): Key table entry not found while getting initial credentials

Interestingly enough, when I do

klist -ek <keytab_file>

the entry appears. So, I'm quite puzzled by the error message.

- Could it be that the kvno doesn't match?

- What's the default kvno for princs that are created interactively from within
  kadmin using the "addprinc" command?

- In case I want to reuse a regular user princ from within a keytab in
  order to be able to do "kinit -kt <keytab_file> <princ>" from within
  a crontab entry, do I have to pass the same kvno as an argument to
  the "-k" switch of ktutil's "addent" command?

Any clarification is greatly appreciated. Thanks in advance.

Kind regards,
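
As an added illustration, not part of the original message: the kvno and enctype that the questions above ask about are stored per entry in the keytab file, and this Python code reads them from the MIT keytab format (version 0x0502) so they can be compared with the values the KDC holds for the principal. The principal `jdoe@EXAMPLE.ORG`, the all-zero dummy key and the function names are constructed for the example.

```python
import struct

ENCTYPES = {3: "des-cbc-md5", 16: "des3-cbc-sha1", 17: "aes128-cts-hmac-sha1-96",
            18: "aes256-cts-hmac-sha1-96", 23: "arcfour-hmac"}  # subset of enctype numbers

def _counted(rec, off):
    """Read a 16-bit length-prefixed string; return (bytes, new offset)."""
    (n,) = struct.unpack_from(">H", rec, off)
    return rec[off + 2:off + 2 + n], off + 2 + n

def _parse_entry(rec):
    (ncomp,) = struct.unpack_from(">H", rec, 0)
    realm, off = _counted(rec, 2)
    comps = []
    for _ in range(ncomp):
        c, off = _counted(rec, off)
        comps.append(c.decode())
    off += 8                                  # skip name type and timestamp
    kvno = rec[off]                           # 8-bit kvno
    (etype,) = struct.unpack_from(">H", rec, off + 1)
    _, off = _counted(rec, off + 3)           # skip the key bytes
    if len(rec) - off >= 4:                   # optional 32-bit kvno
        (kvno32,) = struct.unpack_from(">I", rec, off)
        kvno = kvno32 or kvno                 # overrides the 8-bit field when non-zero
    return "/".join(comps) + "@" + realm.decode(), kvno, ENCTYPES.get(etype, str(etype))

def parse_keytab(data):
    """Return (principal, kvno, enctype) for each entry of a version 0x0502 keytab."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size > 0:
            entries.append(_parse_entry(data[pos:pos + size]))
        pos += abs(size)                      # negative size marks a deleted slot
    return entries

def sample_entry(user, realm, kvno, etype):
    """Constructed test record with a dummy all-zero 16-byte key (not a real key)."""
    s = lambda b: struct.pack(">H", len(b)) + b
    rec = (struct.pack(">H", 1) + s(realm) + s(user) + struct.pack(">II", 1, 0)
           + bytes([kvno & 0xFF]) + struct.pack(">HH", etype, 16) + bytes(16) + struct.pack(">I", kvno))
    return struct.pack(">i", len(rec)) + rec

# Constructed sample: the same principal stored under two kvno/enctype pairs.
SAMPLE = (b"\x05\x02" + sample_entry(b"jdoe", b"EXAMPLE.ORG", 1, 23)
          + sample_entry(b"jdoe", b"EXAMPLE.ORG", 2, 18))
```

On a real file, pass the bytes read from the keytab to `parse_keytab` and compare each tuple with the key list the KDC reports for that principal.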

