On Thu, Apr 24, 2014 at 9:06 PM, Josh Clum <joshclum@gmail.com> wrote:
What would be the key things I would need to get from the Tgt?

all those that are needed to build a keytab ;)
(let me know if you don't find a particular piece of data in TgTicket)

On Thu, Apr 24, 2014 at 9:33 AM, Kiran Ayyagari <kayyagari@apache.org> wrote:

On Thu, Apr 24, 2014 at 6:57 PM, Josh Clum <joshclum@gmail.com> wrote:
I was wondering if there was a way to generate my own keytab in java without going to the kdc? I found code similar to this in an ApachDS test:

        Keytab keytab = Keytab.getInstance(); 
        KerberosTime timeStamp = new KerberosTime(KerberosUtils.UTC_DATE_FORMAT.parse("20070217235745Z"));

        Map<EncryptionType, EncryptionKey> keys = KerberosKeyFactory
            .getKerberosKeys(principalName, userPassword);

        KeytabEntry keytabEntry = new KeytabEntry(
            (byte) 0,
        List<KeytabEntry> entry = Arrays.asList(keytabEntry);
        return keytabFile;

I'm able to a klist on a keytab that i create:

Vno  Type         Principal                  Date        Aliases

  0  des-cbc-md5  ssh/localhost@EXAMPLE.COM  2007-02-17  

Also, if this is not possible, is there a way to programmatically get a keytab using ApacheDS or any other java library?

one way to do this is to use KdcConnection to obtain a TgTicket and create KeyTab from the details of TgTicket

Kiran Ayyagari

Kiran Ayyagari