aboutsummaryrefslogtreecommitdiff
path: root/README
blob: c66eaa6c8cbbaecb9aba8248a6214eee3923a6ec (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
krb5-auth-dialog is a simple dialog that monitors kerberos tickets, and
pops up a dialog when they are about to expire.  Eventually, we expect
it to be part of GNOME.

Configuration:
Configuration settings are handled via gconf.

You can set the principal that is used to acquire tickets via:
gconftool-2 --type=string --set /apps/krb5-auth-dialog/principal "principal@YOUR.REALM"

You can hide the tray icon via:
gconftool-2 --type=bool --set /apps/krb5-auth-dialog/show_trayicon false

You can set the time of the first password prompt via:
gconftool-2 --type=int --set /apps/krb5-auth-dialog/prompt_minutes 30

You can set the principals pkinit identifier via:
gconftool-2 --type=string --set /apps/krb5-auth-dialog/pk_userid "FILE:/path/to/user.pem,/path/to/user.key"
or if you're using a smartcard:
gconftool-2 --type=string --set /apps/krb5-auth-dialog/pk_userid "PKCS11:/usr/lib/opensc/opensc-pkcs11.so"

A note on translations:
Kerberos doesn't translate either its prompts or its error messages.
As the prompt is very visible, we need to translate it externally.  To
do this, the etpo binary in etpo/ can be used to extract the public
strings that kerberos uses.  We are checking that in for now, until
kerberos gets translated.

Requesting a TGT via DBus:
You can request a ticket granting ticket via DBus:

 dbus-send --print-reply --type=method_call \
              --dest=org.gnome.KrbAuthDialog \
               /org/gnome/KrbAuthDialog \
               org.gnome.KrbAuthDialog.acquireTgt \
               string:'principal'

If the sent principal doesn't match the one currently in the ticket cache the
request fails. To request a TGT for the "default" principal use string:''.
bgstack15