Keytab Renewal and Distribution Service

[Benoy Antony <ba...@gmail.com>]

Hi All,

We have an environment where developers could create VMs/Docker Containers
and run periodic jobs . Since our clusters need Kerberos Authentication,
the each client need a unique principal and  Keytabs.  The number of
clients could be in thousands.

Due to security policy , we have to change passwords of these  accounts
periodically or on demand and update the keytabs. We are looking for a
service which can renew passwords and provide new keytabs to the clients.

Are there any open source tools which can renew keytabs and provide them to
authorized clients ?

If none exists, I am planning to develop one. If anyone is interested in
co-developing it in github, please let me know. If you prefer, you can
unicast to benoy@apache.org .


thanks and regards,
Benoy Antony