KerbMinder - Any way to use the login password instead of prompting?

Question

We're getting ready to deploy KerbMinder in our environment. The first time KerbMinder needs to renew the user's ticket it prompts for the user's password, whereupon it can save the password in the user's Keychain.

I'm being asked if there is a way to avoid having KerbMinder prompt for the user's password, perhaps by reading the user's password out of their Keychain. I can't see how this would be possible without essentially hacking the Keychain to steal the user's password, but wanted to run it by the folks here.

Alternatively, is there a way accomplish this without KerbMinder in a way that does not interact with the user?

mm2270 · Answer

Not possible. If it were easy to extract the login keychain's password, it wouldn't be very secure. And we would never need to delete user's login.keychain's when they've forgotten their old password and it doesn't unlock. (but we do because its not possible (or at least not feasible) to crack it)

You could script something that would use either Applescript or cocoaDialog to ask the user for their password at login, explaining it will only be used to set up KerbMinder (or whatever you want to mention here) and then perhaps use that captured password to set up the keychain entry. I don't know much about KerbMinder or what it stores, so I can't help there, but it may be possible that way.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded