Thanks everyone for the hints. Turns out it only took a couple hundred lines of code to work up a Q+D functional proof-of-concept.
John ------------------------------------------------------------------------------- John Hascall, [email protected] Team Lead, NIADS (Network Infrastructure, Authentication & Directory Services) IT Services, The Iowa State University of Science and Technology > John Hascall <[email protected]> writes: > > > It seems to me that one ought to be able to construct a krb5_creds > > struct given a keytab (and the princ name you want from it)? [probably > > re-inventing a number of wheels due to non-publically visible functions] > > The kimpersonate tool that comes with Heimdal does essentially this. Per > the man page: > > The kimpersonate program creates a "fake" ticket using the > service-key of the service. The service key can be read from a > Kerberos 5 keytab, AFS KeyFile or (if compiled with support for > Kerberos 4) a Kerberos 4 srvtab. > > -- > Russ Allbery ([email protected]) <http://www.eyrie.org/~eagle/> > ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
