TGT from keytab w/ preauth required?

Michael B Allen mba2000 at
Sun May 28 00:06:21 EDT 2006


Is there any way to get a TGT from a keytab if preauthentication is

I was looking at krb5_get_init_creds_keytab but that function looks
somewhat useless if preauthentication is required as it appears the salt
is applied to the plaintext password.

Ultimately I want to obtain credentials for a service that runs
indefinitely. I thought it would be easier and more secure to have the
administrator export a keytab with the service principal key and then
copy that to a privileged location on the service host. The alternative
of using a password requires that the administrator make up and type in
a possibly weak password and then type it in again on the service host.

What's the correct way to do this?


