keytab to krb5_creds?

John Hascall john at iastate.edu
Sat Jan 29 17:46:20 EST 2011



Thanks everyone for the hints.  Turns out it only took a
couple hundred lines of code to work up a Q+D functional
proof-of-concept.

John

-------------------------------------------------------------------------------
John Hascall, john at iastate.edu
Team Lead, NIADS (Network Infrastructure, Authentication & Directory Services)
IT Services, The Iowa State University of Science and Technology

> John Hascall <john at iastate.edu> writes:
> 
> > It seems to me that one ought to be able to construct a krb5_creds
> > struct given a keytab (and the princ name you want from it)?  [probably
> > re-inventing a number of wheels due to non-publically visible functions]
> 
> The kimpersonate tool that comes with Heimdal does essentially this.  Per
> the man page:
> 
>      The kimpersonate program creates a "fake" ticket using the
>      service-key of the service.  The service key can be read from a
>      Kerberos 5 keytab, AFS KeyFile or (if compiled with support for
>      Kerberos 4) a Kerberos 4 srvtab.
> 
> -- 
> Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>
> 




More information about the Kerberos mailing list