I am writing the shell script to get the data every other other day but the commands need to run using kerberos authentication. I am using keytab for storing the kinit password securly. the script works fine untill the TGT expires but the script fails to run after the TGT expires. how to automate this?
Asked
Active
Viewed 1,777 times
0
-
Possible duplicate of [Kerberos kinit enter password without prompt](http://stackoverflow.com/questions/8144596/kerberos-kinit-enter-password-without-prompt) – n. m. could be an AI Dec 23 '15 at 06:04
-
That has a answer for kinit to use keytab. I totally agree but that password in keytab will expire over a period of time. after that I need to enter the password again in keytab. Can I automate this, and if yes, how? – Naveen Dec 23 '15 at 06:11
-
Sorry bad vote, retracted. Can you test tickets validity and expiration with klist, and then renew or request a new ticket if needed? – n. m. could be an AI Dec 23 '15 at 06:22
-
https://forums.gentoo.org/viewtopic-p-7482620.html – n. m. could be an AI Dec 23 '15 at 06:24
1 Answers
0
kinit with -l option can be used for setting ticket lifetime.
For example: kinit -l "10d 0h 0m 0s"
If the -l option is not specified, the default ticket lifetime (configured by each site) is used. And you should also consider KDC's maximum ticket lifetime. Specifying a ticket lifetime longer than the maximum ticket lifetime (configured by each site) will not override the configured maximum ticket lifetime.
Kadir
- 1,664
- 2
- 19
- 22