Authenticating
The former example is very special, because kadmin will not let you authenticate using a ticket. Nevertheless we can get a ticket and see the ticket:
kinit ruth/admin
Password for ruth/admin@REDFLO.DE:
klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: ruth/admin@REDFLO.DE
Valid starting Expires Service principal
07/21/05 15:57:03 07/22/05 01:57:03 krbtgt/REDFLO.DE@REDFLO.DE
renew until 07/22/05 15:57:03
Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached
So we authenticated as ruth/admin and got a service principal for the "ticket granting ticket". Sounds complicated. In a simple view, this is just a ticket to automatically get more tickets for other services. What can we do with that ticket? At the moment not very much.
But you may have some questions: Why ruth? Don't i need a entry in the /etc/passwd file?
I choosed ruth to point you to these questions. Unix accounts and kerberos principals may be connected but don't have to be connected. If we want to have a single sign on environment, we have to connect them.
;){kind=link}