I have set up an Ubuntu 16.04 machine and integrated it into a Windows Active Directory domain environment using this guide: https://www.unixmen.com/how-to-join-an-ubuntu-desktop-into-an-active-directory-domain/
I use Kerberos authentication for several services (cifs, http etc.)
Login works fine and with $ klist I see a valid ticket after login which is valid for 10h and renewable for 7 days.
Service principal is krbtgt/EXAMPLE.COM@EXAMPLE.COM
The machine needs to be online 24/7 and I need to request a new ticket before it gets invalid.
I renew my ticket with a krenew daemon, running $ krenew -i -K 10 at login. This also works fine!
But this only works until the renew lifetime expires.
I can manually request a ticket with $ kinit but I have to type in the user password.
My question is: how can I automate the ticket request every 5 days?
I have read about $ kinit -v which should use the current credentials cache to authenticate for the ticket request, but it doesn't work:
kinit: KDC can't fulfill requested option while validating credentials
I also read that I would need to create a keytab in this case. Is this true? If yes - How to create it?
Can anyone help?
I created a cronjob
0 6 */5 * * echo *password*|kinit
but this is just a temporary solution as you might guess... – dynamight – 2016-12-06T12:13:29.097