kerberos junit test

Brandon Allbery ballbery at
Thu May 7 14:21:47 EDT 2015

On Thu, 2015-05-07 at 17:08 +0200, Fabrice Bacchella wrote:
> I can always provide a keytab for both the server and the client, so I
> don't need to have a kdc running. But how can I have the service
> ticket (host/localhost at DOMAIN) ? To get it I need a running KDC. If I
> put it in the keytab, it will be expire, right ?

You appear to have, among other things, some confusion about the
difference between a key (which keytabs store) and tickets (which
clients supply to servers, and which must be generated by a KDC although
they can be cached from generation and delivery to client until
expiration in a ccache). You cannot generate a service ticket from a
service key yourself. is a nice basic introduction
to how Kerberos works.

brandon s allbery kf8nh                           sine nomine associates
allbery.b at                              ballbery at
unix openafs kerberos infrastructure xmonad

More information about the Kerberos mailing list