On 10/27/22 12:36, Jeffrey Hutzelman wrote:
You don't need libkadm5 for any of this -- all you need to print a service ticket (even a TGT) is the service's key. Heimdal comes with a program, kimpersonate, which does this and could easily be used as a basis for your impersonation service.
MIT krb5 has a sort-of equivalent: "kinit -k -t KDB: username". The KDC is still in the loop, but no password or keytab for the user is required. (Add "-S krbtgt/OTHERREALM" for a cross-realm TGT.)
________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
