Hello,

as my service is not part of the Kerberos realm, I am not able to acquire a service ticket for it. My next thought is to use the TGT for authentication at the service.
How can this be done? Is the TGT signed with a KDC secret? How can this be obtained from the KDC? If I had the KDC's master key, the TGT is encrypted with, I could give it to my service so it can proof the authenticity of the TGT passed to it by my client.

Is this possible?

Thank you for any help.

________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos