
Re: preauthentication when using keytab



Michal Vocu <michal@karlin.mff.cuni.cz> writes:
> Hello,

Hi, and sorry for the late answer.

>   when going through the heimdal (0.1m) sources I have noticed that 
> there is some piece of code in krb5_get_init_creds_password() 
> dealing with required preauthentication, but nothing similar 
> in krb5_get_init_creds_password().
> We are using a KDC which requires preauthentication and we have had some
> problems when using keytabs to authenticate to the KDC. I wonder if it would
> be possible to add the same code to krb5_get_init_creds_password() (I
> have a patch for that) or even better to move that code to
> krb5_get_in_cred() (I think that the MIT code does this in
> krb5_get_in_tkt()). I can make a patch for this as well if you think it
> is reasonable.

Yes, moving the code is the right thing to do.  You'll obviously not
want to handle the key expired stuff in krb5_get_in_cred() but only in
the _password() function.  If you can send me a patch for that I'll
install it.

/assar