Seamless Kerberos connection on Windows
About this task
- Renew the TGT before its renewable time.
- Regenerate the token before expiry.
- Requires MIT Kerberos to be installed and configured.
- Keytab file is already present for the said principal.
- The following environment variables are set:
- TGT_EXPIRY_DAYS: number of days after which this TGT will expire, and can no longer be renewed (specify value in days)
- TGT_RENEWAL_HOURS: number of hours within which this TGT needs to be renewed (specify value in hours)
- KRB5CCNAME: path to the cache file
- KEYTAB_FILE_PATH: path to keytab file for this principal
- From command line run “Where kinit" command should point MIT KerberosFor example: C:\Kerbores\Campaign\bin>where kinitC:\Program Files\MIT\Kerberos\bin\kinit.exe
- Copy the Keytab file to the Campaign System for the principal you want to authenticate.