keytab to krb5_creds?
John Hascall
john at iastate.edu
Sat Jan 29 17:46:20 EST 2011
Thanks everyone for the hints. Turns out it only took a
couple hundred lines of code to work up a Q+D functional
proof-of-concept.
John
-------------------------------------------------------------------------------
John Hascall, john at iastate.edu
Team Lead, NIADS (Network Infrastructure, Authentication & Directory Services)
IT Services, The Iowa State University of Science and Technology
> John Hascall <john at iastate.edu> writes:
>
> > It seems to me that one ought to be able to construct a krb5_creds
> > struct given a keytab (and the princ name you want from it)? [probably
> > re-inventing a number of wheels due to non-publically visible functions]
>
> The kimpersonate tool that comes with Heimdal does essentially this. Per
> the man page:
>
> The kimpersonate program creates a "fake" ticket using the
> service-key of the service. The service key can be read from a
> Kerberos 5 keytab, AFS KeyFile or (if compiled with support for
> Kerberos 4) a Kerberos 4 srvtab.
>
> --
> Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
>
More information about the Kerberos
mailing list