Install support Kerberos to your computer. In Ubuntu distribution install packages krb5-user
and krb5-config
, in OpenSuse packages install krb5
and krb5-client
packages. During the installation process, you may be asked for REALM and kdc servers. Both fields leave blank. To correct configuration use our version of the file krb5.conf
. If something have to be fill in (the system doesn't allow empty fields), use EINFRA for REALM and kdc1.cesnet.cz
for kdc server. It is necessary to set /etc/krb5.conf file. The easiest way is to copy from this site.
If you want to use your own file and you have MIT kerberos with version 1.4 or higher or Heimdal with version 1.3 or higher, add to the section [libdefaults] in krb5.conf file allow_weak_crypto = true option. It is necessary to set KDC servers with EINFRA realm and the same realm as default.
If the installation process was performed correctly then you can use command kinit
to get kerberos ticket. Existence of new ticket can be verified by klist
.
$ kinit user@EINFRA Password for user@EINFRA: $ klist Ticket cache: FILE:/tmp/krb5cc_1000 Default principal: user@EINFRA Valid starting Expires Service principal 27/06/2012 13:52 28/06/2012 13:52 krbtgt/EINFRA@EINFRA $
Kerberos tickets have set a expiration time. The standard duration is one day. After one day you need to generate a new ticket (use kinit again).
You can also create renewable tickets by using kinit -r number_of_days
. This ticket can be restore by command kinit -R' (and you won't be prompted to enter your password).
kinit -R'' can be used for a maximum of number_of_days (which is limited to 8). After that it is necessary to make a new ticket.