TGT from keytab w/ preauth required?
jaltman at MIT.EDU
Sun May 28 00:11:09 EDT 2006
When using passwords a salt is applied as part of the process of
deriving the key. When using a key tab, the key has already been
derived using the correct salt.
Michael B Allen wrote:
> Is there any way to get a TGT from a keytab if preauthentication is
> I was looking at krb5_get_init_creds_keytab but that function looks
> somewhat useless if preauthentication is required as it appears the salt
> is applied to the plaintext password.
> Ultimately I want to obtain credentials for a service that runs
> indefinitely. I thought it would be easier and more secure to have the
> administrator export a keytab with the service principal key and then
> copy that to a priviledged location on the service host. The alternative
> of using a password requires that the administrator make up and type in
> a possibly weak password and then type it in again on the service host.
> What's the correct way to do this?
> krbdev mailing list krbdev at mit.edu
More information about the krbdev