On Aug 23, 2006, at 3:43, Olfmatic wrote: > I understand your warnings. But it is not possible to add the > service to the realm, because it is running on a host that is not > in the same windows domain and not in the same kerberos realm. To > be more precise, it is not running in a kerberos realm at all and > thus is not really a kerberos service.
If you already have the ability to modify the application client and server code to send and verify the TGT, then the only thing preventing you from doing the same with a normal service ticket would be your KDC. In which case, you're not talking about the MIT KDC, and then I can't help you with getting the TGT key out. But I'd be really surprised if a Windows KDC couldn't be convinced to add an arbitrary service principal somehow. (But since I don't play around with Windows KDCs much, I couldn't tell you how to do it without doing all the same Google searches that you'd expect to have to do.) Ken ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
