[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: preauthentication when using keytab

Michal Vocu <michal@karlin.mff.cuni.cz> writes:
> Hello,

Hi, and sorry for the late answer.

>   when going through the heimdal (0.1m) sources I have noticed that 
> there is some piece of code in krb5_get_init_creds_password() 
> dealing with required preauthentication, but nothing similar 
> in krb5_get_init_creds_password().
> We are using KDC which requires preauthentication and we have had some
> problems when using keytabs to authenticate to KDC. I wonder if it would
> be possible to add the same code to krb5_get_init_creds_password() (I
> have a patch for that) or even better to move that code to
> krb5_get_in_cred() (I think that MIT code does this in
> krb5_get_in_tkt()). I can make a patch for this as well if you think it
> is reasonable.

Yes, moving the code is the right thing to do.  You'll obviously not
want to handle the key expired stuff in krb5_get_in_cred() but only in
the _password() function.  If you can send me a patch for that I'll
install it.