[33162] in Kerberos
Re: keytab to krb5_creds?
daemon@ATHENA.MIT.EDU (Russ Allbery)
Fri Jan 28 17:00:29 2011
From: Russ Allbery <rra@stanford.edu>
To: John Hascall <john@iastate.edu>
In-Reply-To: <14114.1296244140@malison.ait.iastate.edu> (John Hascall's
message of "Fri, 28 Jan 2011 13:49:00 CST")
Date: Fri, 28 Jan 2011 14:00:17 -0800
Message-ID: <874o8s1yfi.fsf@windlord.stanford.edu>
MIME-Version: 1.0
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
John Hascall <john@iastate.edu> writes:
> It seems to me that one ought to be able to construct a krb5_creds
> struct given a keytab (and the princ name you want from it)? [probably
> re-inventing a number of wheels due to non-publically visible functions]
The kimpersonate tool that comes with Heimdal does essentially this. Per
the man page:
The kimpersonate program creates a "fake" ticket using the
service-key of the service. The service key can be read from a
Kerberos 5 keytab, AFS KeyFile or (if compiled with support for
Kerberos 4) a Kerberos 4 srvtab.
--
Russ Allbery (rra@stanford.edu) <http://www.eyrie.org/~eagle/>
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
