[Freeipa-users] Kerberos for cronjoob
Sumit Bose
sbose at redhat.com
Fri Nov 7 08:41:06 UTC 2014
On Thu, Nov 06, 2014 at 10:28:34PM -0500, Dmitri Pal wrote:
> On 11/06/2014 08:20 PM, Thomas Lau wrote:
> >?Hi,
> >
> >Is it possible to renew ticket once in a while for cronjob to run on
> >certain users? How do you guys run cronjob on Kerberos user without
> >getting ticket expire?
> >
> >Sent from my BlackBerry 10 smartphone.
> >
> >
> Here is an example: http://adam.younglogic.com/2013/05/kerberizing-postgresql-with-freeipa-for-keystone/
>
> But starting kerberos 1.11 kerberos library should be able to automatically
> renew the ticket for service accounts
> http://k5wiki.kerberos.org/wiki/Projects/Keytab_initiation
SSSD can renew tickets as well, see krb5_renew_interval option described
in sssd-krb5(5).
Depending on how often your cronjob is run and what is the lifetime of
your tickets you might just call 'kinit -R' at the beginning of the
cronjob.
bye,
Sumit
>
> --
> Thank you,
> Dmitri Pal
>
> Sr. Engineering Manager IdM portfolio
> Red Hat, Inc.
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go To http://freeipa.org for more info on the project
More information about the Freeipa-users
mailing list