Install support Kerberos to your computer. In Ubuntu distribution install packages
krb5-config, in OpenSuse packages install
krb5-client packages. During the installation process, you may be asked for REALM and kdc servers. Both fields leave blank. To correct configuration use our version of the file
krb5.conf. If something have to be fill in (the system doesn't allow empty fields), use EINFRA for REALM and
kdc1.cesnet.cz for kdc server. It is necessary to set /etc/krb5.conf file. The easiest way is to copy from this site.
If you want to use your own file and you have MIT kerberos with version 1.4 or higher or Heimdal with version 1.3 or higher, add to the section [libdefaults] in krb5.conf file allow_weak_crypto = true option. It is necessary to set KDC servers with EINFRA realm and the same realm as default.
If the installation process was performed correctly then you can use command
kinit to get kerberos ticket. Existence of new ticket can be verified by
$ kinit user@EINFRA Password for user@EINFRA: $ klist Ticket cache: FILE:/tmp/krb5cc_1000 Default principal: user@EINFRA Valid starting Expires Service principal 27/06/2012 13:52 28/06/2012 13:52 krbtgt/EINFRA@EINFRA $
Kerberos tickets have set a expiration time. The standard duration is one day. After one day you need to generate a new ticket (use kinit again).
You can also create renewable tickets by using
kinit -r number_of_days. This ticket can be restore by command
kinit -R' (and you won't be prompted to enter your password). kinit -R'' can be used for a maximum of number_of_days (which is limited to 8). After that it is necessary to make a new ticket.