Leash is a graphical system-tray tool designed to manage for Kerberos tickets on Microsoft Windows. Leash is used to obtain Kerberos tickets, change your Kerberos password, and obtain Andrew File System (AFS) tokens.
Leash combines the functionality of several command line tools a user would use to manage Kerberos functions: kinit, klist, kdestroy, ms2mit, aklog, and passwd or kpasswd. Leash combines all of these functions into one user interface and supports auto-renewal or user notification when tickets are approaching expiration.
There are many ways to execute Leash. In addition
to
clicking on a Leash shortcut, you can start Leash from the Windows
command
Prompt or Run... option. Command-line
options may be specified. If you run Leash
with the options -i or -kinit, it will display the ticket
initialization dialog
and exit; -m or –ms2mit or –import will import tickets from the
Microsoft
Windows logon session (if available) and exit; -d or -destroy will
destroy all
existing tickets and exit; -r or –renew will renew existing Kerberos
tickets
(if possible) and exit; -a or –autoinit will display the ticket
initialization
dialog if you have no Kerberos tickets.
You may create a shortcut to Leash within your Windows Startup folder (Start Menu->Programs->Startup). A shortcut to “Leash32.exe –autoinit” ensures that Kerberos tickets are available for the use of Kerberized applications throughout your Windows logon session.
If Leash is not executed before using a Kerberized
application, the application may prompt you for your password. Some
applications, like lpr, never prompt you for a password. These
applications
simply terminate with a message indicating that you are not
authenticated. Before
these applications can successfully be used a separate program, such as
Leash
or kinit, must be used to first authenticate you using Kerberos.
Leash does not perform a logon in the sense of the
Windows
Logon Service. A logon service would do
more than manage Kerberos tickets. A logon service would authenticate
you to
the local machine, validate access to your local file system and
performs
additional set-up tasks. These are beyond the scope of Leash. Leash
simply
allows you to manage Kerberos tickets on behalf of compatible
applications and
to change your Kerberos password.