On 26-02-2024 22:54, Marco Gaiarin via samba wrote:> Mandi! Kees van Vloten via samba
> In chel di` si favelave...
>
>>> For a sake of simplicity i'm thinking to use machine account
(-P).
>> There is "net changetrustpw" to do this.
> Ok, i've missed that. Thanks.
>
>
>> If you just have a service that does LDAP-queries, I would create an
>> ordinary user-account for it (and start it's name e.g. with
"svc_").
> This is my first options, i was only speculating...
>
>
>> With this you decide easily how to manage the password. Or if you use
>> kerberos for this account, you can set the password with samba-tool to
a
>> random very long value and use a SPN and keytab for authentication, no
>> hassle with passwords at all...
> Interesting... i supposed that still Kerberos ticket have to be
'upgraded',
> so... there's really a way to generate a 'permanent' kerberos
ticket?
>
> Some info on how to do this? Thanks.
kstart do exactly that, it manages and refreshes the ticket for long
running processes. On Debian it is available as a package, the home page
is here https://www.eyrie.org/~eagle/software/kstart/
- Kees.>