[16268] in Kerberos_V5_Development
Re: Project Review: kinit -C
daemon@ATHENA.MIT.EDU (Tom Yu)
Tue Sep 14 15:38:29 2010
To: Luke Howard <lukeh@padl.com>
From: Tom Yu <tlyu@mit.edu>
Date: Tue, 14 Sep 2010 15:38:25 -0400
In-Reply-To: <391A3912-1EBF-4EA1-B460-8359359E5B44@padl.com> (Luke Howard's
message of "Tue, 14 Sep 2010 21:34:17 +0200")
Message-ID: <ldv39tcm7ym.fsf@cathode-dark-space.mit.edu>
Cc: Sam Hartman <hartmans@mit.edu>, krbdev@mit.edu

Luke Howard <lukeh@padl.com> writes:

> Um, can't we use S4U2Self for this? Or am I missing something very obvious?

We actually talked about that on today's conference call. You could
treat the TGS principal as a special S4U2Self requestor, but you'd
still need the KDB keytab to get at the TGS key.

In any case, that's an idea for later improvements. (e.g., so you
could make this work for principals that ordinarily require OTP auth)