On 3/30/26 9:42 PM, Ken Hornstein via Kerberos wrote:
Are you referring to the mode of kinit where it runs a command and keeps
it supplied with fresh tickets? MIT Kerberos' kinit does not have that
mode.
Yes that's what I'm referring to. If it's not yet supported by the MIT
kinit, I would certainly recommend that it be added, it's very helpful.
Can't speak for anyone else, but we use "k5start" for this.
Ahh, that looks like the same feature, judging from the man page. Thanks.
As I understand it, k5start will invoke kinit periodically to handle
credential refresh, and so if kinit is configured to use pkinit to get
creds, then it would pick up the cert and key from the file system each
time kinit is invoked (rather than them being read only once when
k5start is first run). Is that correct? If so, that's once less feature
to worry about. :-)
Thanks
Geoff
________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
