as my service is not part of the Kerberos realm, I am not able to acquire a service ticket for it. My next thought is to use the TGT for authentication at the service.
How can this be done? Is the TGT signed with a KDC secret? How can this be obtained from the KDC? If I had the KDC's master key, the TGT is encrypted with, I could give it to my service so it can proof the authenticity of the TGT passed to it by my client.

Is this possible?

Thank you for any help.

Kerberos mailing list Kerberos@mit.edu