Groups | Search | Server Info | Login | Register
Groups > comp.protocols.kerberos > #5470
| From | Geoffrey Thorpe <geoff@geoffthorpe.net> |
|---|---|
| Newsgroups | comp.protocols.kerberos |
| Subject | Re: interested in discussing some Kerberos improvements |
| Date | 2026-04-02 18:18 -0400 |
| Organization | TNet Consulting |
| Message-ID | <mailman.7.1775168297.1813.kerberos@mit.edu> (permalink) |
| References | (2 earlier) <990e6964-c1f6-4fe3-adc9-4c3f9109a74b@geoffthorpe.net> <acrvfhQt/ddH8Kfi@ubby> <4ab956b5-f740-4182-bf7f-2ed1499235ee@geoffthorpe.net> <202603310142.62V1gCdW028597@hedwig.cmf.nrl.navy.mil> <0520e122-01cb-4ecb-81fe-b38cddb744ff@geoffthorpe.net> |
On 3/30/26 9:42 PM, Ken Hornstein via Kerberos wrote: >>> Are you referring to the mode of kinit where it runs a command and keeps >>> it supplied with fresh tickets? MIT Kerberos' kinit does not have that >>> mode. >> >> Yes that's what I'm referring to. If it's not yet supported by the MIT >> kinit, I would certainly recommend that it be added, it's very helpful. > > Can't speak for anyone else, but we use "k5start" for this. Ahh, that looks like the same feature, judging from the man page. Thanks. As I understand it, k5start will invoke kinit periodically to handle credential refresh, and so if kinit is configured to use pkinit to get creds, then it would pick up the cert and key from the file system each time kinit is invoked (rather than them being read only once when k5start is first run). Is that correct? If so, that's once less feature to worry about. :-) Thanks Geoff
Back to comp.protocols.kerberos | Previous | Next | Find similar
Re: interested in discussing some Kerberos improvements Geoffrey Thorpe <geoff@geoffthorpe.net> - 2026-04-02 18:18 -0400
csiph-web