Isn it possible to extract a Kerberos principal into a keyfile for automatic authentication?
Yes. But it’s a BAD idea to implement. We use this Kerberos feature to pass administrative level authentication out to our slave servers for cron jobs and such. However, those keyfiles are kept strictly on critical servers with carefully chosen filesystem permissions, on which no one but CS administrative staff has access. Think about it: if CS provided you with a keyfile for your Kerberos principal you would have to store that file on some workstation in one of its local filesystems such as /export/data01 or /export/oldhome. And if anyone EVER gained access to that file they could become YOU on every LNS system at any time they chose. Now consider that data01 and oldhome directories are NFS exported across the LNS network in the clear, no encryption. CS simply cannot do this, no matter how convenient to the LNS community, for very good security reasons.