TGT from keytab w/ preauth required?
Jeffrey Altman
jaltman at MIT.EDU
Sun May 28 00:11:09 EDT 2006
When using passwords, a salt is applied as part of the process of
deriving the key. When using a keytab, the key has already been
derived using the correct salt.
Jeffrey Altman
Michael B Allen wrote:
> Hey,
>
> Is there any way to get a TGT from a keytab if preauthentication is
> required?
>
> I was looking at krb5_get_init_creds_keytab but that function looks
> somewhat useless if preauthentication is required as it appears the salt
> is applied to the plaintext password.
>
> Ultimately I want to obtain credentials for a service that runs
> indefinitely. I thought it would be easier and more secure to have the
> administrator export a keytab with the service principal key and then
> copy that to a privileged location on the service host. The alternative
> of using a password requires that the administrator make up and type in
> a possibly weak password and then type it in again on the service host.
>
> What's the correct way to do this?
>
> Thanks,
> Mike
> _______________________________________________
> krbdev mailing list krbdev at mit.edu
> https://mailman.mit.edu/mailman/listinfo/krbdev
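
The point made in the reply above can be seen in the keytab file itself. The following Python parser for the version 0x0502 keytab layout is an added example, not part of the original thread and not MIT krb5 code; the principal, realm and all-0x11 key in `build_sample` are constructed. Each entry carries the principal, key version, enctype and the raw key bytes, with no password or salt field.

```python
import struct
from dataclasses import dataclass

@dataclass
class KeytabEntry:
    principal: str
    kvno: int
    enctype: int   # e.g. 18 = aes256-cts-hmac-sha1-96
    key: bytes     # the derived long-term key itself; no password or salt is stored

def counted(buf, off):
    """Read a uint16-length-prefixed byte string; return (data, next offset)."""
    (n,) = struct.unpack_from(">H", buf, off)
    return buf[off + 2:off + 2 + n], off + 2 + n

def parse_keytab(data):
    """Parse a version 0x0502 (big-endian) keytab into KeytabEntry objects."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    entries, off = [], 2
    while off + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, off)
        off += 4
        if size <= 0:              # negative size marks a deleted slot of -size bytes
            off += -size
            continue
        p = off
        (ncomp,) = struct.unpack_from(">H", data, p)
        realm, p = counted(data, p + 2)
        comps = []
        for _ in range(ncomp):
            comp, p = counted(data, p)
            comps.append(comp.decode())
        # name type, timestamp, 8-bit kvno, enctype, then the counted key bytes
        _ntype, _ts, kvno, enctype = struct.unpack_from(">IIBH", data, p)
        key, p = counted(data, p + 11)
        if off + size - p >= 4:    # optional 32-bit kvno, used when nonzero
            kvno = struct.unpack_from(">I", data, p)[0] or kvno
        entries.append(KeytabEntry("/".join(comps) + "@" + realm.decode(), kvno, enctype, key))
        off += size
    return entries

def build_sample():
    """Constructed keytab: one deleted slot, then one entry with a dummy 0x11 key."""
    cs = lambda b: struct.pack(">H", len(b)) + b
    body = (struct.pack(">H", 2) + cs(b"EXAMPLE.INVALID") + cs(b"host")
            + cs(b"svc.example.invalid") + struct.pack(">IIBH", 1, 0, 3, 18)
            + cs(b"\x11" * 32) + struct.pack(">I", 3))
    hole = struct.pack(">i", -8) + b"\x00" * 8
    return b"\x05\x02" + hole + struct.pack(">i", len(body)) + body
```

Because the file holds the key itself, it needs file permissions as strict as any stored password.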