[Samba] kinit username@REALM

Gerald (Jerry) Carter jerry at samba.org
Mon Sep 6 11:21:50 GMT 2004

Hash: SHA1

Joseph wrote:

| Do I need to do the command "kinit username at REALM"
| every single time I boot up my system?
| Also, why does the kinit "username" not accept the
| winbind separator "+"?  For example:  "kinit
| domain+user at REALM" instead of just "user at REALM".

The domain is implied by the REALM.  The domain is just
a backwards compatible means in AD domains to specify the realm
for NTLM authentication.

| I have my system setup to login via gdm with my domain
| user account (which uses the winbind separator "domain+user"),
| so why can't kinit login at that time?  This would make it
| seamless, instead of having to open a command line each time
| the system boots and manually running the kinit command.

You should probably look at the pam_krb5 module instead
of pam_winbind if you want to deal with krb5 tickets.
See the 'creds' pam_krb5 option for maintaining the ticket

cheers, jerry
- ---------------------------------------------------------------------
Alleviating the pain of Windows(tm)      ------- http://www.samba.org
GnuPG Key                ----- http://www.plainjoe.org/gpg_public.asc
"If we're adding to the noise, turn off this song"--Switchfoot (2003)

Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org


More information about the samba mailing list