directory-dev mailing list archives

From Kiran Ayyagari <kayyag...@apache.org>
Subject Re: Manual Keytab Creation
Date Thu, 24 Apr 2014 15:45:03 GMT
On Thu, Apr 24, 2014 at 9:06 PM, Josh Clum <joshclum@gmail.com> wrote:

> What would be the key things I would need to get from the Tgt?

all those that are needed to build a keytab ;)
(let me know if you don't find a particular piece of data in TgTicket)

>
> On Thu, Apr 24, 2014 at 9:33 AM, Kiran Ayyagari <kayyagari@apache.org> wrote:
>
>>
>>
>>
>> On Thu, Apr 24, 2014 at 6:57 PM, Josh Clum <joshclum@gmail.com> wrote:
>>
>>> I was wondering if there was a way to generate my own keytab in Java
>>> without going to the kdc? I found code similar to this in an ApacheDS test:
>>>
>>>         Keytab keytab = Keytab.getInstance();
>>>         KerberosTime timeStamp = new KerberosTime(
>>>             KerberosUtils.UTC_DATE_FORMAT.parse("20070217235745Z"));
>>>
>>>         Map<EncryptionType, EncryptionKey> keys = KerberosKeyFactory
>>>             .getKerberosKeys(principalName, userPassword);
>>>
>>>         KeytabEntry keytabEntry = new KeytabEntry(
>>>             principalName,
>>>             1L,
>>>             timeStamp,
>>>             (byte) 0,
>>>             keys.get(EncryptionType.DES_CBC_MD5));
>>>
>>>         List<KeytabEntry> entry = Arrays.asList(keytabEntry);
>>>
>>>         keytab.setEntries(entry);
>>>
>>>         keytab.write(keytabFile);
>>>
>>>         return keytabFile;
>>>
>>> I'm able to do a klist on a keytab that I create:
>>>
>>> Vno  Type         Principal                  Date        Aliases
>>>
>>>   0  des-cbc-md5  ssh/localhost@EXAMPLE.COM  2007-02-17
>>>
>>>
>>> Also, if this is not possible, is there a way to programmatically get a
>>> keytab using ApacheDS or any other java library?
>>>
>> one way to do this is to use KdcConnection to obtain a TgTicket and
>> create KeyTab from the details of TgTicket
>>
>>
>>
>> --
>> Kiran Ayyagari
>> http://keydap.com
>>
>
>


-- 
Kiran Ayyagari
http://keydap.com
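
The fields a keytab entry needs, shown as an added example that is not part of the original thread and does not use the ApacheDS `Keytab` class: it writes one entry in keytab file format 0x0502 with only the JDK and reads it back. The class name `KeytabLayout`, its methods and the 8-byte key are constructed for illustration; the principal and timestamp are the ones from the quoted snippet.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.time.Instant;

public class KeytabLayout {
    // Serialises one entry in keytab file format 0x0502 (all integers big-endian).
    static byte[] write(String realm, String[] comps, long epochSec, int kvno,
                        int encType, byte[] key) throws IOException {
        ByteArrayOutputStream body = new ByteArrayOutputStream();
        DataOutputStream e = new DataOutputStream(body);
        e.writeShort(comps.length);          // component count, realm not included
        counted(e, realm.getBytes(StandardCharsets.UTF_8));
        for (String c : comps) counted(e, c.getBytes(StandardCharsets.UTF_8));
        e.writeInt(1);                       // name type 1 = KRB5_NT_PRINCIPAL
        e.writeInt((int) epochSec);          // timestamp, 32-bit seconds since epoch
        e.writeByte(kvno);                   // 8-bit key version number
        e.writeShort(encType);               // e.g. 3 = des-cbc-md5
        counted(e, key);                     // key length + raw key bytes
        // File = 2-byte version, then a 4-byte length prefix, then the entry.
        return java.nio.ByteBuffer.allocate(6 + body.size()).putShort((short) 0x0502)
                .putInt(body.size()).put(body.toByteArray()).array();
    }

    static void counted(DataOutputStream o, byte[] b) throws IOException {
        o.writeShort(b.length);
        o.write(b);
    }

    // Reads the first entry back and summarises the fields klist would list.
    static String describe(byte[] keytab) throws IOException {
        DataInputStream in = new DataInputStream(new ByteArrayInputStream(keytab));
        if (in.readUnsignedShort() != 0x0502) throw new IOException("unsupported version");
        in.readInt();                        // entry length (not needed for one entry)
        String[] parts = new String[in.readUnsignedShort() + 1];
        for (int i = 0; i < parts.length; i++) {   // parts[0] is the realm
            byte[] b = new byte[in.readUnsignedShort()];
            in.readFully(b);
            parts[i] = new String(b, StandardCharsets.UTF_8);
        }
        in.readInt();                        // name type
        long ts = in.readInt() & 0xFFFFFFFFL;
        int kvno = in.readUnsignedByte(), enc = in.readUnsignedShort();
        String name = String.join("/", java.util.Arrays.copyOfRange(parts, 1, parts.length));
        return kvno + " enctype=" + enc + " " + name + "@" + parts[0] + " " + Instant.ofEpochSecond(ts);
    }

    public static void main(String[] args) throws IOException {
        byte[] key = {1, 2, 3, 4, 5, 6, 7, 8};  // constructed placeholder, not a derived key
        long t = Instant.parse("2007-02-17T23:57:45Z").getEpochSecond();
        System.out.println(describe(write("EXAMPLE.COM", new String[]{"ssh", "localhost"}, t, 0, 3, key)));
    }
}
```

The key bytes are the only field that depends on the password or the KDC; everything else is metadata the caller already knows.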
