Kerberos uses the credentials in a Ticket Granting Ticket (TGT) to verify the identity of users and control access to services. Depending on your environment, you will need to establish a procedure for obtaining a TGT.

For Windows Active Directory configurations, Active Directory automatically obtains a TGT.

For non-Active Directory configurations, you can enable the application to obtain a TGT in one of two ways. First, you can automate the method of obtaining the TGT as with a keytab. Second, you can require the application user to obtain the TGT with a kinit command when logging on.

A TGT can be obtained directly with a kinit command to the Kerberos server. For example, the following command requests a TGT from the server with a lifetime of 10 hours, which is renewable for 5 days.

kinit -l 10h -r 5d user@REALM
Note: The klist command can be used on Windows or UNIX/Linux systems to verify that a TGT has been obtained.

Refer to your Kerberos documentation for more information on automating the process of obtaining a TGT.