Project Review: kinit -C
Tom Yu
tlyu at MIT.EDU
Tue Sep 14 15:38:25 EDT 2010
Luke Howard <lukeh at padl.com> writes:

> Um, can't we use S4U2Self for this? Or am I missing something very obvious?

We actually talked about that on today's conference call. You could
treat the TGS principal as a special S4U2Self requestor, but you'd
still need the KDB keytab to get at the TGS key.

In any case, that's an idea for later improvements. (e.g., so you
could make this work for principals that ordinarily require OTP auth)