TGT from keytab w/ preauth required?
Michael B Allen
mba2000 at ioplex.com
Sun May 28 00:06:21 EDT 2006
Hey,
Is there any way to get a TGT from a keytab if preauthentication is
required?
I was looking at krb5_get_init_creds_keytab but that function looks
somewhat useless if preauthentication is required as it appears the salt
is applied to the plaintext password.
Ultimately I want to obtain credentials for a service that runs
indefinitely. I thought it would be easier and more secure to have the
administrator export a keytab with the service principal key and then
copy that to a priviledged location on the service host. The alternative
of using a password requires that the administrator make up and type in
a possibly weak password and then type it in again on the service host.
What's the correct way to do this?
Thanks,
Mike
More information about the krbdev
mailing list