keytab to krb5_creds?

John Hascall john at
Sat Jan 29 17:46:20 EST 2011

Thanks everyone for the hints.  Turns out it only took a
couple hundred lines of code to work up a Q+D functional


John Hascall, john at
Team Lead, NIADS (Network Infrastructure, Authentication & Directory Services)
IT Services, The Iowa State University of Science and Technology

> John Hascall <john at> writes:
> > It seems to me that one ought to be able to construct a krb5_creds
> > struct given a keytab (and the princ name you want from it)?  [probably
> > re-inventing a number of wheels due to non-publically visible functions]
> The kimpersonate tool that comes with Heimdal does essentially this.  Per
> the man page:
>      The kimpersonate program creates a "fake" ticket using the
>      service-key of the service.  The service key can be read from a
>      Kerberos 5 keytab, AFS KeyFile or (if compiled with support for
>      Kerberos 4) a Kerberos 4 srvtab.
> -- 
> Russ Allbery (rra at             <>

More information about the Kerberos mailing list