2

I'm looking for a way to obtain a tgt (ticket granting ticket) from a second kerberos principal. In my job I work with a regular PC (member of AD) from our university's it departement but I also manage a lab with it's own AD. To make the daily use much easier I consider it a rather nice option to have another tgt on my Windows 7 machine. On an *nix I'd use kinit - but on Windows...? Thank you for your support

CHfish
  • 428
  • 4
  • 6
  • I haven't tried it - but maybe the MIT Kerberos tools provide some way to do this? – dsolimano Jun 29 '12 at 12:46
  • http://web.mit.edu/kerberos/dist/ doesn't seem to offer v5-binaries for windows - I guess because Kerberos is part of the OS... – CHfish Jun 29 '12 at 16:59
  • Are you sure? I downloaded http://web.mit.edu/kerberos/dist/kfw/3.2/kfw-3.2.2/kfw-3-2-2.msi and the documentation talks about v5 and the NIM lists the TGT for solimanod@FOOBAR.COM as being Kerbeors v5, with the various cifs/sql tickets below that. But, I don't know that if you obtain new credentials, Windows will use those. – dsolimano Jun 29 '12 at 18:24

1 Answers1

1

If you start a new shell (cmd.exe) under the alternate domain account using runas.exe, that will have its own security context and credential cache for the corresponding Kerberos principal, which programs you start from it will inherit.

Richard E. Silverman
  • 181
  • 4