[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: preauthentication when using keytab
Michal Vocu <firstname.lastname@example.org> writes:
Hi, and sorry for the late answer.
> when going through the heimdal (0.1m) sources I have noticed that
> there is some piece of code in krb5_get_init_creds_password()
> dealing with required preauthentication, but nothing similar
> in krb5_get_init_creds_password().
> We are using KDC which requires preauthentication and we have had some
> problems when using keytabs to authenticate to KDC. I wonder if it would
> be possible to add the same code to krb5_get_init_creds_password() (I
> have a patch for that) or even better to move that code to
> krb5_get_in_cred() (I think that MIT code does this in
> krb5_get_in_tkt()). I can make a patch for this as well if you think it
> is reasonable.
Yes, moving the code is the right thing to do. You'll obviously not
want to handle the key expired stuff in krb5_get_in_cred() but only in
the _password() function. If you can send me a patch for that I'll