Kevin Fenzi <kevin@xxxxxxxxx> writes: > On Tue, 13 Dec 2016 14:36:06 +0000 > Dave Love <d.love@xxxxxxxxxxxxxxx> wrote: > >> Simo Sorce <simo@xxxxxxxxxx> writes: >> >> > If you really need to automate it because typing a password is too >> > hard: cat ~/.mykrbpassword | kinit myusername >> >> It needs to be automated principally because the password is not >> memorable. I assume infrastructure people would rather we don't use >> the least secure credentials we can. > > I can't speak for others, but the thought of putting your fas password > in plain text in some start up file makes me cry. Yes, but if people can read it and it only has owner access they could have stolen the certificate, possibly can steal your ccache, and bets are off. A keytab isn't plain text, but isn't encrypted; it's used as "kinit -t <keytab>" with Heimdal and something similar with MIT. However, I now can't remember whether you need kadmin access to populate it, and don't know if that's available. > I cannot of course > tell anyone what to do, but I can beg you not to do this. _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
