[38124] in Kerberos


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: temporarily granting a TGT for a client coming in with a 3rd

daemon@ATHENA.MIT.EDU (Charles Hedrick)
Tue Nov 21 12:52:01 2017

From: Charles Hedrick <hedrick@rutgers.edu>
To: Greg Hudson <ghudson@mit.edu>
Date: Tue, 21 Nov 2017 17:51:30 +0000
Message-ID: <A96596D0-A944-4433-91FB-EB1231BBA348@rutgers.edu>
In-Reply-To: <5e1e79eb-3777-9266-bcbb-9c0f5915ea7d@mit.edu>
Content-Language: en-US
Content-ID: <E0FD20E98551044FB9C1959A96097558@namprd14.prod.outlook.com>
MIME-Version: 1.0
Cc: "kerberos@mit.edu" <kerberos@mit.edu>
Content-Type: text/plain; charset="utf-8"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit

Another approach is kind of iffy from a security point of view, but I have a situation where it’s needed. We have code that will generate any credentials for which it has a keytab, including a TGT. (It’s an MIT person of kimpersonate.) You can transmit it to the other end using krb5_fwd_tgt_creds / krb5_rd_cred.

________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[38124] in Kerberos

Re: temporarily granting a TGT for a client coming in with a 3rd

daemon@ATHENA.MIT.EDU (Charles Hedrick)Tue Nov 21 12:52:01 2017

daemon@ATHENA.MIT.EDU (Charles Hedrick)
Tue Nov 21 12:52:01 2017