RHEL: Getting current kerberos/Kinit user ID after login?

Paul asked:

I am connecting by SSH to a RHEL6 server.

When I SSH into the box, I am challenged for my Linux username/password (which is a shared account):

username: mySharedLinuxUser

pass for mySharedLinuxUser: password123

Then I am prompted again for my personal employee number and personal network password:

domain username: 111222

password for [email protected]: my$uper$ecurePasswordHere

I believe the latter bit is done with Kerberos (I see references to ‘kinit’ which I’ve learned is a Kerberos thing).

However, the Kerberos docs are vast and confusing and I am but a mere confused Java dev.

How can I print the Kerberos username/employee number ‘111222’ after I’ve already logged in?

For example, if I wanted to do person-specific logging while someone is logged in as a service account (“John deployed .war file 1234.war at 6:15am using the generic account… Mary deployed .war file 4321.war at 7:21am using the generic account” etc.)

I’m sure the server already does this somewhere for audit purposes, but I can’t find any examples of it.


My answer:

You can use the klist command to show your Kerberos principal and cached tickets. For example:

$ klist
Ticket cache: KCM:1000
Default principal: [email protected]

Valid starting       Expires              Service principal
08/13/2019 15:00:46  08/14/2019 15:00:23  krbtgt/[email protected]
        renew until 08/20/2019 15:00:23

View the full question and any other answers on Server Fault.
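
For the person-specific logging the question describes, the principal can be pulled out of the klist output and put into an audit line. The script below is an added example, not part of the original question or answer; the function names, the sample klist output and the realm EXAMPLE.COM are constructed for illustration.

```shell
#!/bin/sh
# Added example: name the person behind a shared account in an audit line.
# The klist output below is constructed; EXAMPLE.COM is a placeholder realm.
SAMPLE_KLIST='Ticket cache: FILE:/tmp/krb5cc_500_constructed
Default principal: 111222@EXAMPLE.COM

Valid starting     Expires            Service principal
08/13/19 15:00:46  08/14/19 15:00:23  krbtgt/EXAMPLE.COM@EXAMPLE.COM'

# Read klist output on stdin and print the default principal.
# Exits non-zero when there is no "Default principal:" line (no ticket cache).
principal_from_klist() {
    awk -F': ' '/^Default principal: / { print $2; found = 1; exit }
                END { exit (found ? 0 : 1) }'
}

# Strip the realm: 111222@EXAMPLE.COM -> 111222
user_from_principal() {
    printf '%s\n' "${1%%@*}"
}

# Build one audit line.
#   $1 = klist output, $2 = action, $3 = local account (default: current user)
audit_line() {
    princ=$(printf '%s\n' "$1" | principal_from_klist) || {
        echo "audit_line: no Kerberos principal found" >&2
        return 1
    }
    printf '%s (as %s) %s\n' \
        "$(user_from_principal "$princ")" "${3:-$(id -un)}" "$2"
}

# Demo on the constructed sample.
audit_line "$SAMPLE_KLIST" "deployed 1234.war" mySharedLinuxUser

# On a real host, feed it live klist output and send the line to syslog:
#   audit_line "$(klist 2>/dev/null)" "deployed 1234.war" | logger -t deploy
```

klist reports whatever ticket cache the session points at (the KRB5CCNAME environment variable, or the system default). If several people logged in to the same shared account end up on the same cache, the principal shown is the one who authenticated last, so confirm each session has its own cache before treating this as an audit record.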

This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.