Working with Kerberos credentials

The LIGO Scientific Collaboration uses Kerberos as an authentication mechanism, both for direct access to services, and to negotiate access to SciTokens.

This is particularly useful in support of automated applications, for which a ‘robot’ Kerberos principal is created, and a secure Kerberos keytab file issued, which allows automating regular creation of access tokens.

API

igwn_auth_utils provides the following methods for interacting with Kerberos:

kinit([principal, keytab, ccache])

Initialise a Kerberos ticket-granting ticket (TGT).