I'm looking for a way to obtain a tgt (ticket granting ticket) from a second kerberos principal. In my job I work with a regular PC (member of AD) from our university's it departement but I also manage a lab with it's own AD. To make the daily use much easier I consider it a rather nice option to have another tgt on my Windows 7 machine. On an *nix I'd use kinit - but on Windows...? Thank you for your support
3
-
I haven't tried it - but maybe the MIT Kerberos tools provide some way to do this?– dsolimanoCommented Jun 29, 2012 at 12:46
-
web.mit.edu/kerberos/dist doesn't seem to offer v5-binaries for windows - I guess because Kerberos is part of the OS...– CHfishCommented Jun 29, 2012 at 16:59
-
Are you sure? I downloaded web.mit.edu/kerberos/dist/kfw/3.2/kfw-3.2.2/kfw-3-2-2.msi and the documentation talks about v5 and the NIM lists the TGT for [email protected] as being Kerbeors v5, with the various cifs/sql tickets below that. But, I don't know that if you obtain new credentials, Windows will use those.– dsolimanoCommented Jun 29, 2012 at 18:24
Add a comment
|
1 Answer
If you start a new shell (cmd.exe) under the alternate domain account using runas.exe, that will have its own security context and credential cache for the corresponding Kerberos principal, which programs you start from it will inherit.
