kcroninit will create the necessary cron principal and keytab file so that cron jobs may be authenticated as the user. Typical usage (on each node where cron jobs need to be authenticated, either for AFS tokens or for remote access to other kerberos systems):

  1. Create the cron principal and keytab file: 
    	$ setup kcroninit
	$ kcroninit
    You will need to enter your kerberos principal and password, so you MUST BE ON A SECURE CHANNEL. This will create the new principal "user/cron/host.domain@REALM" for the current host, and will write the corresponding keytab file.

  2. Use the "kcron" command to initiate the cron jobs in an authenticated manner. Note that you will need to specify the full path to "kcron", since this is not normally in your PATH at the start of a cron job. A sample crontab entry might look like: 
    	0 2 * * 0,4 /usr/krb5/bin/kcron /home/files/myjob -ak
    where the command "/home/files/myjob -ak" is authenticated as "user/cron/host.domain@REALM". If authentication is needed only for access to the user's AFS files, this is sufficient.

  3. For access to remote systems, the .k5login file on the remote end must allow access to "user/cron/host.domain@REALM".

  4. To destroy the principal and keytab file (and prevent authenticated cron jobs from running on this node): 
    	$ setup kcroninit
	$ kcrondestroy