New features for Kerberos in the Oracle Solaris 11.2 release include the following:
Kerberos supports authenticated batch jobs that run at arbitrary times. Commands that enable delayed execution, at, batch, and cron, can use Kerberos services without requiring manual intervention to provide authentication. For more information, see Configuring Delayed Execution for Access to Kerberos Services.
You can automatically configure Kerberos clients with the Automated Installer (AI). These clients are immediately capable of hosting Kerberized services. Automatically provisioning a Kerberos client system during install time enables administrators to quickly and easily deploy a secure infrastructure, which frees up valuable system administrator resources.
The installed client systems do not require additional steps to specify the Kerberos configuration and create Kerberos service keys for the system.
Different options are possible when providing the Kerberos service keys for the client systems.
For more information about configuring Kerberos through the Automated Installer, see How to Configure Kerberos Clients Using AI in Installing Oracle Solaris 11.2 Systems .
The ktkt_warn service is disabled by default. You must explicitly enable it to warn users of initial TGT credential expiration or to automatically renew a user's initial credential. For more information, see Automatically Renewing All Ticket-Granting Tickets.
For information about the history of Kerberos in Oracle Solaris, see Components of Various Kerberos Releases in Oracle Solaris 11.1 Administration: Security Services.