[Samba] Samba 4 kerberos and kinit

Andrew Bartlett abartlet at samba.org
Thu Jan 12 00:49:45 MST 2012


On Thu, 2012-01-12 at 06:15 +0100, Gémes Géza wrote:
> 2012-01-11 23:48 keltezéssel, steve írta:
> > Hi
> > After starting Samba 4, before anyone can do anything, Administrator
> > has to do a kinit to get a new ticket. This creates a cache
> > /tmp/krb5cc_0 with an expiry time.
> >
> > I've created a host principal and put it into the keytab:
> > samba-tool spn add host someuser
> > samba-tool domain exportkeytab /etc/krb5.keytab --principal=host/HH3.SITE
> >
> > How can I keep Samba 4 up without having to get a new Administrator
> > ticket every 10 hours?
> >
> > Thanks,
> > Steve
> >
> >
> That looks really strange.

Indeed.  Samba does not require a valid ticket in /tmp/krb5cc_0 to
operate.  It creates it's own internal credentials cache when required
using the machine account password.

Something else is going on here.

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org




More information about the samba mailing list