My kinit invocation
Some of my systems use a fingerprint reader to allow user login. On these systems, I use LUKS encryption so don't worry, I still need a passphrase at boot time.
When pam authenticates me with a fingerprint, it doesn't perform kerberos authentication which facilitates things like seamless ssh authentication. So I have to manually run kinit. I always run it with a few parameters:
kinit -r 14d -l 14d -f -p
The r sets renewable life to 14 days. The l (lima) sets the lifetime to 14 days. And f requests a forwardable ticket, and p a proxiable ticket.
See also
Previously, I wrote about showing kerberos ticket status in the system tray.
Comments