On Thu, 2015-05-07 at 17:08 +0200, Fabrice Bacchella wrote:
> I can always provide a keytab for both the server and the client, so I
> don't need to have a KDC running. But how can I have the service
> ticket (host/localhost@DOMAIN)? To get it I need a running KDC. If I
> put it in the keytab, it will be expired, right?

You appear to have, among other things, some confusion about the
difference between a key (which keytabs store) and tickets (which
clients supply to servers, and which must be generated by a KDC although
they can be cached from generation and delivery to client until
expiration in a ccache). You cannot generate a service ticket from a
service key yourself.

http://web.mit.edu/kerberos/dialogue.html is a nice basic introduction
to how Kerberos works.

-- 
brandon s allbery kf8nh                       sine nomine associates
allber...@gmail.com                          ballb...@sinenomine.net
unix openafs kerberos infrastructure xmonad    http://sinenomine.net
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos