[36965] in Kerberos

Re: kerberos junit test

daemon@ATHENA.MIT.EDU (Brandon Allbery)
Thu May 7 14:22:10 2015

From: Brandon Allbery <ballbery@sinenomine.net>
To: "kerberos@mit.edu" <kerberos@mit.edu>
Date: Thu, 7 May 2015 18:21:47 +0000
Message-ID: <1431022907.24711.3.camel@vikktakkht>
In-Reply-To: <46F8C98D-F02A-44D6-965C-7845E3DF3156@orange.fr>

On Thu, 2015-05-07 at 17:08 +0200, Fabrice Bacchella wrote:
> I can always provide a keytab for both the server and the client, so I
> don't need to have a kdc running. But how can I have the service
> ticket (host/localhost@DOMAIN)? To get it I need a running KDC. If I
> put it in the keytab, it will expire, right?

You appear to have, among other things, some confusion about the
difference between a key (which keytabs store) and tickets (which
clients supply to servers, and which must be generated by a KDC although
they can be cached from generation and delivery to client until
expiration in a ccache). You cannot generate a service ticket from a
service key yourself.

http://web.mit.edu/kerberos/dialogue.html is a nice basic introduction
to how Kerberos works.

-- 
brandon s allbery kf8nh                           sine nomine associates
allbery.b@gmail.com                              ballbery@sinenomine.net
unix openafs kerberos infrastructure xmonad        http://sinenomine.net

________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
