Important Notice: Our web hosting provider recently started charging us for additional visits, which was unexpected. In response, we're seeking donations. Depending on the situation, we may explore different monetization options for our Community and Expert Contributors. It's crucial to provide more returns for their expertise and offer more Expert Validated Answers or AI Validated Answers. Learn more about our hosting issue here.

Isn it possible to extract a Kerberos principal into a keyfile for automatic authentication?

authentication automatic Extract Kerberos keyfile possible Principal
0
Posted

Isn it possible to extract a Kerberos principal into a keyfile for automatic authentication?

0 CommentsAdd a Comment

1 Answer

0

Yes. But it’s a BAD idea to implement. We use this Kerberos feature to pass administrative level authentication out to our slave servers for cron jobs and such. However, those keyfiles are kept strictly on critical servers with carefully chosen filesystem permissions, on which no one but CS administrative staff has access. Think about it: if CS provided you with a keyfile for your Kerberos principal you would have to store that file on some workstation in one of its local filesystems such as /export/data01 or /export/oldhome. And if anyone EVER gained access to that file they could become YOU on every LNS system at any time they chose. Now consider that data01 and oldhome directories are NFS exported across the LNS network in the clear, no encryption. CS simply cannot do this, no matter how convenient to the LNS community, for very good security reasons.

0 CommentsAdd a Comment

Related Questions

What is your question?

*Sadly, we had to bring back ads too. Hopefully more targeted.