On Thu, Apr 24, 2014 at 9:06 PM, Josh Clum <[email protected]> wrote:
> What would be the key things I would need to get from the Tgt? > > all those that are needed to build a keytab ;) (let me know if you don't find a particular piece of data in TgTicket) > > On Thu, Apr 24, 2014 at 9:33 AM, Kiran Ayyagari <[email protected]>wrote: > >> >> >> >> On Thu, Apr 24, 2014 at 6:57 PM, Josh Clum <[email protected]> wrote: >> >>> I was wondering if there was a way to generate my own keytab in java >>> without going to the kdc? I found code similar to this in an ApachDS test: >>> >>> Keytab keytab = Keytab.getInstance(); >>> KerberosTime timeStamp = new >>> KerberosTime(KerberosUtils.UTC_DATE_FORMAT.parse("20070217235745Z")); >>> >>> Map<EncryptionType, EncryptionKey> keys = KerberosKeyFactory >>> .getKerberosKeys(principalName, userPassword); >>> >>> >>> >>> KeytabEntry keytabEntry = new KeytabEntry( >>> principalName, >>> 1L, >>> timeStamp, >>> (byte) 0, >>> keys.get(EncryptionType.DES_CBC_MD5)); >>> >>> List<KeytabEntry> entry = Arrays.asList(keytabEntry); >>> >>> keytab.setEntries(entry); >>> >>> keytab.write(keytabFile); >>> >>> return keytabFile; >>> >>> I'm able to a klist on a keytab that i create: >>> >>> Vno Type Principal Date Aliases >>> >>> 0 des-cbc-md5 ssh/[email protected] 2007-02-17 >>> >>> >>> Also, if this is not possible, is there a way to programmatically get a >>> keytab using ApacheDS or any other java library? >>> >>> one way to do this is to use KdcConnection to obtain a TgTicket and >> create KeyTab from the details of TgTicket >> >> >> >> -- >> Kiran Ayyagari >> http://keydap.com >> > > -- Kiran Ayyagari http://keydap.com
