On 12/14/2016 09:19 AM, Dave Love wrote:
> Kevin Fenzi <kevin@xxxxxxxxx> writes:
>
>> On Tue, 13 Dec 2016 14:36:06 +0000
>> Dave Love <d.love@xxxxxxxxxxxxxxx> wrote:
>>
>>> Simo Sorce <simo@xxxxxxxxxx> writes:
>>>
>>>> If you really need to automate it because typing a password is too
>>>> hard: cat ~/.mykrbpassword | kinit myusername
>>>
>>> It needs to be automated principally because the password is not
>>> memorable. I assume infrastructure people would rather we don't use
>>> the least secure credentials we can.
>>
>> I can't speak for others, but the thought of putting your fas password
>> in plain text in some start up file makes me cry.
>
> Yes, but if people can read it and it only has owner access they could
> have stolen the certificate, possibly can steal your ccache, and bets
> are off. A keytab isn't plain text, but isn't encrypted; it's used as
> "kinit -t <keytab>" with Heimdal and something similar with MIT.
> However, I now can't remember whether you need kadmin access to populate
> it, and don't know if that's available.
>

You do not; you can manipulate a keytab in your local user space with `ktutil`.
_______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx