kerberos junit test
Brandon Allbery
ballbery at sinenomine.net
Thu May 7 14:21:47 EDT 2015
On Thu, 2015-05-07 at 17:08 +0200, Fabrice Bacchella wrote:
> I can always provide a keytab for both the server and the client, so I
> don't need to have a kdc running. But how can I have the service
> ticket (host/localhost at DOMAIN) ? To get it I need a running KDC. If I
> put it in the keytab, it will be expire, right ?
You appear to have, among other things, some confusion about the
difference between a key (which keytabs store) and tickets (which
clients supply to servers, and which must be generated by a KDC although
they can be cached from generation and delivery to client until
expiration in a ccache). You cannot generate a service ticket from a
service key yourself.
http://web.mit.edu/kerberos/dialogue.html is a nice basic introduction
to how Kerberos works.
--
brandon s allbery kf8nh sine nomine associates
allbery.b at gmail.com ballbery at sinenomine.net
unix openafs kerberos infrastructure xmonad http://sinenomine.net
More information about the Kerberos
mailing list