Why Use Leash?

Leash is a graphical system-tray tool designed to manage for Kerberos tickets on Microsoft Windows.  Leash is used to obtain Kerberos tickets, change your Kerberos password, and obtain Andrew File System (AFS) tokens.

Leash combines the functionality of several command line tools a user would use to manage Kerberos functions: kinit, klist, kdestroy, ms2mit, aklog, and passwd or kpasswd. Leash combines all of these functions into one user interface and supports  auto-renewal or user notification when tickets are approaching expiration.

There are many ways to execute Leash. In addition to clicking on a Leash shortcut, you can start Leash from the Windows command Prompt or Run... option.  Command-line options may be specified.  If you run Leash with the options -i or -kinit, it will display the ticket initialization dialog and exit; -m or –ms2mit or –import will import tickets from the Microsoft Windows logon session (if available) and exit; -d or -destroy will destroy all existing tickets and exit; -r or –renew will renew existing Kerberos tickets (if possible) and exit; -a or –autoinit will display the ticket initialization dialog if you have no Kerberos tickets. 

You may create a shortcut to Leash within your Windows Startup folder (Start Menu->Programs->Startup).   A shortcut to “Leash32.exe –autoinit” ensures that Kerberos tickets are available for the use of Kerberized applications throughout your Windows logon session.

If Leash is not executed before using a Kerberized application, the application may prompt you for your password. Some applications, like lpr, never prompt you for a password. These applications simply terminate with a message indicating that you are not authenticated. Before these applications can successfully be used a separate program, such as Leash or kinit, must be used to first authenticate you using Kerberos. 

Leash does not perform a logon in the sense of the Windows Logon Service.  A logon service would do more than manage Kerberos tickets. A logon service would authenticate you to the local machine, validate access to your local file system and performs additional set-up tasks. These are beyond the scope of Leash. Leash simply allows you to manage Kerberos tickets on behalf of compatible applications and to change your Kerberos password.