[Date Prev][Date Next]
Re: syncrepl + GSSAPI
--On Thursday, August 05, 2004 11:34 AM -0400 "Matthew J. Smith"
I have searched the archives and Google with little luck, although
maybe I just haven't used the right keywords yet. I am looking to
perform replication via syncrepl, using GSSAPI for authentication. I
have GSSAPI working for user authentication already.
With syncrepl, how do I get my consumer to obtain a ticket, using it's
keytab (default /etc/krb5.keytab for now, although I'd like to move
that), so that it can attach to my provider?
I am considering a cron job on the consumer that issues a "kinit
--keytab=..." every so often, but that seems inelegant.
Is there a way to get the syncrepl process to obtain it's own ticket
using the keytab? I see a credentials=<password> option in the syncrepl
config -- is there a similar (undocumented?) keytab=<keytabfile>
Any help is appreciated!
I've been testing syncRepl with GSSAPI.
I suggest you use the k5start utility:
and combine that with svcscan to create a process that will continually
keep a ticket alive for you.
Then simply set the KRB5CCNAME environment variable in the startup script
Principal Software Developer
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html