Managing Kerberos and Other Authentication Services in Oracle® Solaris 11.2

Exit Print View

Updated: August 2014

Configuring Delayed Execution for Access to Kerberos Services

In the default Kerberos environment, credentials expire after a limited amount of time. For processes that can execute at arbitrary times, such as cron and at, the limited time presents a problem. This procedure describes how to configure the Kerberos environment to support delayed execution processes that require authenticated services through Kerberos. Oracle Solaris provides PAM modules, uses service keys, and uses kclient configuration options to make delayed execution with Kerberos authentication possible and more secure than alternative solutions.

Note -  If the cron server becomes compromised, an attacker could impersonate users to gain access to target services that are configured for the cron server. Therefore, consider that the cron host that is configured in this procedure as a more sensitive system, as it provides intermediate services for users.