Using KDC's master key to encrypt data

Alejandro Perez Mendez alex at
Thu Aug 9 04:27:09 EDT 2012


as part of the GSS-preauth plugin 
(, I would like 
to encrypt & sign the contents of PA-FX-COOKIE, using some key shared 
amongst all the KDC's belonging to the same realm. I guess that key 
could be the one associated to principal krbtgt, but don't know if there 
exists any other key that I could use for that purpose.

How do I access that key from my preauth plugin?
What function can I use to encrypt the data?

Best regards,

More information about the krbdev mailing list