Another approach is kind of iffy from a security point of view, but I have a situation where it’s needed. We have code that will generate any credentials for which it has a keytab, including a TGT. (It’s an MIT person of kimpersonate.) You can transmit it to the other end using krb5_fwd_tgt_creds / krb5_rd_cred.
________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos