KfW starting and stopping Network Identity Manager - Kerberos

This is a discussion on KfW starting and stopping Network Identity Manager - Kerberos ; Is it possible to start the Network Identity Manager (netidmgr.exe) WITHOUT prompting for credentials? I'd like to have it start on boot, but I just want it to start minimized in the system tray even if there are no credentials. ...

+ Reply to Thread
Results 1 to 5 of 5

Thread: KfW starting and stopping Network Identity Manager

  1. KfW starting and stopping Network Identity Manager

    Is it possible to start the Network Identity Manager (netidmgr.exe)
    WITHOUT prompting for credentials?

    I'd like to have it start on boot, but I just want it to start minimized
    in the system tray even if there are no credentials. I'd prefer it wait
    until an application (eg, WinCVS,TortoiseCVS using ssh/gssapi) actually
    attempts to retrieve credentials before it prompts for anything.

    I've tried using no options and I've tried with -a, but in either
    case it prompts for credentials.

    On the flip side, stopping the Network Identity Manager. Is there a
    "correct" way to cleanly stop it from the command line? I've tried using
    "-k" (like krbcc32s.exe) but it doesn't appear to be supported. The only
    way I've been able to terminate the process is to kill it. Again, I'm
    looking for a way to close it from the command line.

    And no matter how it's killed, even by doing right-click->Exit, on the
    tray icon, the krbcc32s.exe process seems to remain running. I then need
    to kill it with "krbcc32s -k". If netidmgr closes shouldn't it close
    krbcc32s? Is there a valid reason krbcc32s is left running?

    Are there any other processes that might be left running other then
    krbcc32s?
    ________________________________________________
    Kerberos mailing list Kerberos@mit.edu
    https://mailman.mit.edu/mailman/listinfo/kerberos


  2. Re: KfW starting and stopping Network Identity Manager

    petesea@bigfoot.com wrote:
    > Is it possible to start the Network Identity Manager (netidmgr.exe)
    > WITHOUT prompting for credentials?


    > I'd like to have it start on boot, but I just want it to start minimized
    > in the system tray even if there are no credentials. I'd prefer it wait
    > until an application (eg, WinCVS,TortoiseCVS using ssh/gssapi) actually
    > attempts to retrieve credentials before it prompts for anything.


    This is an option that is set on the Options->General page.

    > I've tried using no options and I've tried with -a, but in either
    > case it prompts for credentials.
    >
    > On the flip side, stopping the Network Identity Manager. Is there a
    > "correct" way to cleanly stop it from the command line? I've tried using
    > "-k" (like krbcc32s.exe) but it doesn't appear to be supported. The only
    > way I've been able to terminate the process is to kill it. Again, I'm
    > looking for a way to close it from the command line.


    There is no method to use one instance of NetIdMgr to terminate
    an instance that is already running.

    > And no matter how it's killed, even by doing right-click->Exit, on the
    > tray icon, the krbcc32s.exe process seems to remain running. I then need
    > to kill it with "krbcc32s -k". If netidmgr closes shouldn't it close
    > krbcc32s? Is there a valid reason krbcc32s is left running?
    >
    > Are there any other processes that might be left running other then
    > krbcc32s?


    krbcc32s.exe is the credential cache server. This process is not part
    of NetIDMgr.exe. It will be started whenever an application loading
    the krb5 or krb4 or gss libraries is started.

    Why do you want these processes shutdown?

  3. Re: KfW starting and stopping Network Identity Manager

    On Fri, 21 Apr 2006, Jeffrey Altman wrote:

    > petesea@bigfoot.com wrote:
    >
    >> I'd like to have it start on boot, but I just want it to start
    >> minimized in the system tray even if there are no credentials. I'd
    >> prefer it wait until an application (eg, WinCVS,TortoiseCVS using
    >> ssh/gssapi) actually attempts to retrieve credentials before it prompts
    >> for anything.

    >
    > This is an option that is set on the Options->General page.


    Ah OK... I'm sure I played with that before but didn't get quite the
    behavior I wanted. Now I believe that was probably before I figured
    out how to start netidmgr minimized and I was confusing "minimized"
    behavior with "prompt for credentials" behavior.

    I actually need it to start in 2 slightly different ways, one way during
    the initial install and another when the system boots. But I believe I
    now have the correct combination of how to start minimized and when to use
    the --autoinit option.

    > There is no method to use one instance of NetIdMgr to terminate an
    > instance that is already running.


    So is killing the process the "correct" way to terminate it from the
    command line? I'm actually killing it from a Cygwin-based Perl script via
    "/bin/kill -f PID" . I'd prefer to use a more "friendly" way to tell
    netidmgr to shutdown, but so far killing it's the only way I've found.
    (See below for reasons why I need it to shutdown.)

    >> Are there any other processes that might be left running other then
    >> krbcc32s?

    >
    > krbcc32s.exe is the credential cache server. This process is not part
    > of NetIDMgr.exe. It will be started whenever an application loading the
    > krb5 or krb4 or gss libraries is started.
    >
    > Why do you want these processes shutdown?


    My company uses an internal application to distribute packages to the
    developers. I'm creating an integrated package for CVS/Subversion access
    via SSH (probably PuTTY) and KfW. The package will (eventually) contain
    all the components needed to access our CVS/SVN servers (eg. KfW, PuTTY,
    WinCVS, etc).

    In other words, I'm not using the standard KfW installer/uninstaller, so
    when there's a new version of my package available I need to shutdown any
    running KfW processes before I can upgrade the files.

    Other then netidmgr and krbcc32s, are there any other processes I might
    need to look for? And if so, do any of these have a "correct" way to shut
    them down? NOTE: KfW is only used by SSH (currently a GSSAPI-enabled
    version of PuTTY).
    ________________________________________________
    Kerberos mailing list Kerberos@mit.edu
    https://mailman.mit.edu/mailman/listinfo/kerberos


  4. Re: KfW starting and stopping Network Identity Manager

    petesea@bigfoot.com wrote:
    > So is killing the process the "correct" way to terminate it from the
    > command line? I'm actually killing it from a Cygwin-based Perl script via
    > "/bin/kill -f PID" . I'd prefer to use a more "friendly" way to tell
    > netidmgr to shutdown, but so far killing it's the only way I've found.
    > (See below for reasons why I need it to shutdown.)


    You could write a small application that sends a window message to
    NetIDMgr to shut it down. However, there is no state maintained by
    NetIDMgr that must be safed at shutdown so simply killing the process
    is fairly safe. The only thing is that the icon in the taskbar will
    not be removed.

    > Other then netidmgr and krbcc32s, are there any other processes I might
    > need to look for? And if so, do any of these have a "correct" way to shut
    > them down? NOTE: KfW is only used by SSH (currently a GSSAPI-enabled
    > version of PuTTY).


    There are other applications that will load the MIT libraries including
    Mozilla's Firefox and Thunderbird, several FTP clients, Eudora, X
    Windows packages, etc. Your installer needs to be able to identify
    file usage and either instruct the user to exit the applications or
    be prepared to wait until a reboot to complete the upgrade.

    Jeffrey Altman

  5. Re: KfW starting and stopping Network Identity Manager


    > > Other then netidmgr and krbcc32s, are there any other processes I might
    > > need to look for? And if so, do any of these have a "correct" way to shut
    > > them down? NOTE: KfW is only used by SSH (currently a GSSAPI-enabled
    > > version of PuTTY).

    >
    > There are other applications that will load the MIT libraries including
    > Mozilla's Firefox and Thunderbird, several FTP clients, Eudora, X
    > Windows packages, etc. ...


    Also the SecureCRT SSH from vandyke.com. It actually gives a choice
    between using an external GSSAPI library (e.g. KfW), or SSPI.

    --
    Richard Silverman
    res@qoxp.net


+ Reply to Thread