rem@raistlin (06/10/91)
I have read the man page on ksrvtgt(1) for Kerberos 4.0 but do not understand where/why it would be used. Does anyone have any examples? -- Roger Miller rem@udev.cdc.com Control Data Corporation Voice: (612) 482-2665 Mail Station ARH215 Fax: (612) 482-2791 4201 Lexington Avenue North Arden Hills, MN 55126
tytso@ATHENA.MIT.EDU (Theodore Ts'o) (06/11/91)
Date: 10 Jun 91 15:40:31 GMT From: rem@raistlin.Stanford.EDU I have read the man page on ksrvtgt(1) for Kerberos 4.0 but do not understand where/why it would be used. Does anyone have any examples? An example: You have a nightly cron job running on a server which needs Kerberos authentication to another server. Since in Kerberos, service identities and user identities are identical, you can use ksrvtgt to fetch Kerberos ticket-granting-tickets using the service principal and key stored in /etc/srvtab. (Note: this means that your cron job must have access to the srvtab). You can then put "rcmd.<hostname>" on the access control list of the second server, and then the first server can obtain the privileges it needs to do its nightly task. - Ted
jon@ATHENA.MIT.EDU (Jon Rochlis) (06/13/91)
ksrvtgt is frequently used for a server that wishes to be a client and needs to authenticate to other services. In particular it is used in shell scripts (otherwise you could just call the right ticket getting routines). for example, you might have a cron job that runs on a master server which pushes data out to slave sites in the middle of the night. The slaves only want to take updates from the master, and both the master and slave s have srvtabs ... -- Jon