Project Review: kinit -C
Luke Howard
lukeh at padl.com
Tue Sep 14 15:34:17 EDT 2010
> The administrator of a Kerberos database has access to all user keys
> within that database. This is sufficient to impersonate any user.
> Today, no convenient user interface is provided for logging in as a
> given user without changing that user's password. This project proposes
> to add a -c (cheat) option to kinit. If this option is supplied, then
> the key will be extracted from the database rather than prompting for a
> password. This option requires that kinit be run on a KDC with read
> access to the Kerberos database and stash file.
Um, can't we use S4U2Self for this? Or am I missing something very obvious?
-- Luke