temporarily granting a TGT for a client coming in with a 3rd party authn system
hedrick at rutgers.edu
Tue Nov 21 12:51:30 EST 2017
Another approach is kind of iffy from a security point of view, but I have a situation where it’s needed. We have code that will generate any credentials for which it has a keytab, including a TGT. (It’s an MIT person of kimpersonate.) You can transmit it to the other end using krb5_fwd_tgt_creds / krb5_rd_cred.
More information about the Kerberos