[EXTERNAL] RE: how to get proxy ticket?
cneberg at sandia.gov
Mon May 13 18:21:47 EDT 2013
Compile krb5-1.11.2/src/tests/gssapi/t_s4u.c and you can test getting tickets for S4U2Self and S4U2Proxy. You'll have to add your own code to cache the tickets to a ccache file. You have to use at least 1.11 to get support for caching creds, but 1.11 also has a bug where it doesn't work against AD.
You also have krb5-1.11.2/src/tests/gssapi/t_s4u2proxy_krb5.c which just does S4U2Proxy without S4U2Self.
Some docs are here
From: krbdev-bounces at mit.edu [mailto:krbdev-bounces at mit.edu] On Behalf Of Wu, James C.
Sent: Monday, May 13, 2013 3:56 PM
To: krbdev at mit.edu
Subject: [EXTERNAL] RE: how to get proxy ticket?
I am trying to keep this conversation alive. Kerberos V5 have S4U2Self and S4U2Proxy.
Is there any command I can use for trying out this two protocols?
From: Wu, James C.
Sent: Monday, May 13, 2013 2:08 PM
To: Wu, James C.; krbdev at mit.edu
Subject: Re: how to get proxy ticket?
I guess I did not ask the right question. What I really want to know is how to have a service to impersonate other user via constraint delegation.
I would like to know if there is any command that I can use.
On 5/13/13 1:51 PM, "Wu, James C." <James.C.Wu at disney.com> wrote:
>I have created a service account and requested a forwardable and
>proxiable ticket for it. Now, I want this service to take on the
>identity of a client, how do I request a proxy ticket? The kinit
>command does not have a proxy ticket option.
>krbdev mailing list krbdev at mit.edu
krbdev mailing list krbdev at mit.edu
More information about the krbdev