directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kiran Ayyagari <kayyag...@apache.org>
Subject Re: Manual Keytab Creation
Date Thu, 24 Apr 2014 13:33:46 GMT
On Thu, Apr 24, 2014 at 6:57 PM, Josh Clum <joshclum@gmail.com> wrote:

> I was wondering if there was a way to generate my own keytab in java
> without going to the kdc? I found code similar to this in an ApachDS test:
>
>         Keytab keytab = Keytab.getInstance();
>         KerberosTime timeStamp = new
> KerberosTime(KerberosUtils.UTC_DATE_FORMAT.parse("20070217235745Z"));
>
>         Map<EncryptionType, EncryptionKey> keys = KerberosKeyFactory
>             .getKerberosKeys(principalName, userPassword);
>
>
>
>         KeytabEntry keytabEntry = new KeytabEntry(
>             principalName,
>             1L,
>             timeStamp,
>             (byte) 0,
>             keys.get(EncryptionType.DES_CBC_MD5));
>
>         List<KeytabEntry> entry = Arrays.asList(keytabEntry);
>
>         keytab.setEntries(entry);
>
>         keytab.write(keytabFile);
>
>         return keytabFile;
>
> I'm able to a klist on a keytab that i create:
>
> Vno  Type         Principal                  Date        Aliases
>
>   0  des-cbc-md5  ssh/localhost@EXAMPLE.COM  2007-02-17
>
>
> Also, if this is not possible, is there a way to programmatically get a
> keytab using ApacheDS or any other java library?
>
> one way to do this is to use KdcConnection to obtain a TgTicket and create
KeyTab from the details of TgTicket



-- 
Kiran Ayyagari
http://keydap.com

Mime
View raw message