You might be able to do some sort of powershell script? I don't think the KFW has a startup context to it. The thin is you would need to pass credentials in somehow which starts to weaken the integrity of the security model once you start caching passwords/keytabs. We should know, Hadoop is the poster child of poor credential handling (and a ton of work is going into cleaning that all up).
On Friday, November 18, 2016, Mauro Cazzari <mauro.cazz...@sas.com> wrote: > One more thing: if MIT Kerberos is installed, is there a way to populate > the KRB5CCNAME cache file automatically when I log on to Windows without > having to use a keytab or having to run a kinit under the covers? > > > > *From:* Todd Grayson [mailto:tgray...@cloudera.com > <javascript:_e(%7B%7D,'cvml','tgray...@cloudera.com');>] > *Sent:* Friday, November 18, 2016 11:34 AM > *To:* Mauro Cazzari <mauro.cazz...@sas.com > <javascript:_e(%7B%7D,'cvml','mauro.cazz...@sas.com');>> > *Cc:* Kerberos@mit.edu <javascript:_e(%7B%7D,'cvml','Kerberos@mit.edu');> > *Subject:* Re: Can I automatically cache AD tickets into a file on > windows? > > > > From what I understand, the windows SSPI implementation does not provide a > facility to hold the credentials in a file. You would use the MIT KFW to > be able to do that. > > On Friday, November 18, 2016, Mauro Cazzari <mauro.cazz...@sas.com > <javascript:_e(%7B%7D,'cvml','mauro.cazz...@sas.com');>> wrote: > > Kerberos experts, > Is there a way to automatically cache AD-generated tickets to the file > provided through the KRB5CCNAME environment variable on Windows without > having to run a kinit? My understanding is that Windows caches tickets in > memory (whereas Unix does the same on file). Do I need to install MIT > Kerberos, or (ideally) can I just use the copy of Kerberos that comes with > Windows to achieve my goal? > Thanks! > Mauro. > ________________________________________________ > Kerberos mailing list Kerberos@mit.edu > https://mailman.mit.edu/mailman/listinfo/kerberos > > > > -- > > Todd Grayson > > Business Operations Manager > > Customer Operations Engineering > > Security SME > > > -- Todd Grayson Business Operations Manager Customer Operations Engineering Security SME ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
