directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Josh Clum <joshc...@gmail.com>
Subject Re: Manual Keytab Creation
Date Thu, 24 Apr 2014 15:36:28 GMT
What would be the key things I would need to get from the Tgt?


On Thu, Apr 24, 2014 at 9:33 AM, Kiran Ayyagari <kayyagari@apache.org>wrote:

>
>
>
> On Thu, Apr 24, 2014 at 6:57 PM, Josh Clum <joshclum@gmail.com> wrote:
>
>> I was wondering if there was a way to generate my own keytab in java
>> without going to the kdc? I found code similar to this in an ApachDS test:
>>
>>         Keytab keytab = Keytab.getInstance();
>>         KerberosTime timeStamp = new
>> KerberosTime(KerberosUtils.UTC_DATE_FORMAT.parse("20070217235745Z"));
>>
>>         Map<EncryptionType, EncryptionKey> keys = KerberosKeyFactory
>>             .getKerberosKeys(principalName, userPassword);
>>
>>
>>
>>         KeytabEntry keytabEntry = new KeytabEntry(
>>             principalName,
>>             1L,
>>             timeStamp,
>>             (byte) 0,
>>             keys.get(EncryptionType.DES_CBC_MD5));
>>
>>         List<KeytabEntry> entry = Arrays.asList(keytabEntry);
>>
>>         keytab.setEntries(entry);
>>
>>         keytab.write(keytabFile);
>>
>>         return keytabFile;
>>
>> I'm able to a klist on a keytab that i create:
>>
>> Vno  Type         Principal                  Date        Aliases
>>
>>   0  des-cbc-md5  ssh/localhost@EXAMPLE.COM  2007-02-17
>>
>>
>> Also, if this is not possible, is there a way to programmatically get a
>> keytab using ApacheDS or any other java library?
>>
>> one way to do this is to use KdcConnection to obtain a TgTicket and
> create KeyTab from the details of TgTicket
>
>
>
> --
> Kiran Ayyagari
> http://keydap.com
>

Mime
View raw message