Getting TGTs non-interactively
Fredrik Tolf
fredrik at dolda2000.com
Thu Sep 28 10:32:38 EDT 2006
Hi list!
I'm sure I'm not the only one with the following problem, and I'd like
to know if/how someone else has solved it.
See, there are a lot of places where one would like to obtain a ticket
non-interactively. Apart from such places as cron, where there's
obviously no other choice than to store the key in a keytab, there is
the problem with SSH public-key authentication. I'm thinking that it
should somehow be possible to have the SSH client (which has access to
the private key) decrypt a key for the server, which can then get a TGT
with that key. Is that possible, or is there any other solution that I
haven't thought of.
Similarly, what about HTTPS connections where the client has a client
certificate? Obviously, there *is* a private key involved, but is there
any way the HTTP server can ask the client to decrypt a TGT key for it?
Thank you for your attention!
Fredrik Tolf
More information about the Kerberos
mailing list