[OpenAFS] k5start functionality on windows

Benjamin Kaduk kaduk@mit.edu
Sat, 26 Aug 2017 20:50:08 -0500


On Thu, Aug 24, 2017 at 04:49:58PM +0000, John D'Ausilio wrote:
> The system I'm doing a POC with uses local accounts in production on both Linux and Windows boxes, which are headless.
> On Linux, k5start with a keytab for the afs user works fine for keeping a fresh token available for the local account.
> On Windows, I'm having problems getting similar functionality.
> First attempt was a scheduled task as the local user to kinit with the keytab and then aklog. It runs without errors, but other shells (new or existing) for the same user don't see any tickets (klist) or tokens. Separate caches?

I don't have any actual answers, but will note that some Windows versions include
a klist binary that may not know about externally-acquired tickets (as opposed
to the klist binary that came with the external Kerberos implementation), and
the cache type (FILE: or otherwise) is potentially relevant.

-Ben

> Second attempt was with Network Identity Manager, which would be perfect if I can figure out how to make it use my keytab instead of typing a password.
> Anyone have another solution?