Re: SSSD and Kerberos tickets

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 08/17/2010 03:25 PM, Christoph Höger wrote:
> Am 17.08.2010 15:45, schrieb Stephen Gallagher:
>> On 08/17/2010 04:51 AM, Christoph Höger wrote:
>>> Hi all,
> 
>>> I'd like to get a kerberos ticket everytime I login to my f13 box, and
>>> run aklog afterwards automagically. The second part can be handled with
>>> kstart, but how do I get the first part with the new authconfig/sssd
>>> tools done? To make things a little bit more difficult: I have a local
>>> username that's different from my kerberos user name.
> 
>>> Any ideas?
> 
>>> Christoph
> 
> 
>> The easiest way is to not use a separate local username. With SSSD, it
>> can cache the credentials so you can still log on with your kerberos
>> password when you're not connected to the network.
> 
>> So if you set up your user account to log in with SSSD's kerberos, it
>> will automatically get you a TGT during login (or, if you log in
>> offline, it can be configured to automatically get the TGT once you go
>> online, such as connecting to a VPN).
> 
>> Of course, the catch here is that your kerberos user needs to be linked
>> to a user account on a centrally-managed database, ideally LDAP.
> 
> Ok, since my university does not give me any infos about that LDAP (and
> I do not want to rely on their IT for logging in locally), is there no
> other solution to simply run kstart from pam and querying for the ticket
> password at startup with sssd?

SSSD isn't going to help you in this case. What you probably just want
to do is write a script to include in your .bash_profile script so that
when you log in, your shell calls "cat /path/to/mysecretpassword.txt
|kinit" when you log in.



- -- 
Stephen Gallagher
RHCE 804006346421761

Delivering value year after year.
Red Hat ranks #1 in value among software vendors.
http://www.redhat.com/promo/vendor/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkxq6hMACgkQeiVVYja6o6OgggCfRzmgyhu1d81f3B2Tzm3RFSmx
xKgAn1rWzTlyx2re7OuH02eyzDDvoOGf
=q/tn
-----END PGP SIGNATURE-----
-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines



[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux