kerberos junit test
Greg Hudson
ghudson at mit.edu
Thu May 7 14:29:02 EDT 2015
On 05/07/2015 02:21 PM, Brandon Allbery wrote:
> On Thu, 2015-05-07 at 17:08 +0200, Fabrice Bacchella wrote:
>> I can always provide a keytab for both the server and the client, so I
>> don't need to have a kdc running. But how can I have the service
>> ticket (host/localhost at DOMAIN)? To get it I need a running KDC. If I
>> put it in the keytab, it will expire, right?
> You appear to have, among other things, some confusion about the
> difference between a key (which keytabs store) and tickets (which
> clients supply to servers, and which must be generated by a KDC although
> they can be cached from generation and delivery to client until
> expiration in a ccache). You cannot generate a service ticket from a
> service key yourself.
You certainly can in principle. Heimdal even provides a tool called
"kimpersonate" to do it. But aside from that, implementations don't
generally make it easy.