[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: how to achieve what kinit does programmatically?

To: <hotz@jpl.nasa.gov>, <heimdal-discuss@sics.se>
Subject: RE: how to achieve what kinit does programmatically?
From: Kent_Wu@trendmicro.com
Date: Thu, 29 May 2003 16:23:51 -0700
Sender: owner-heimdal-discuss@sics.se
Thread-Index: AcMmN0YZA3aqVoPZRFaQkMyWE/JfyAAAfeQA
Thread-Topic: how to achieve what kinit does programmatically?

Hi, Henry:

	Thx for your info and I'll download the package from MIT and look into it. So is that true according to you this should be doable as long as I've downloaded the complete headers, doc's and library files from MIT? 

	BTW, I did enable the kerberos authentication with windows ADS(active directory service) by using SUN GSS-API and LDAP SDK, however as you said, I need to get TGT beforehand by using kinit. Right now I tried to do this part programmatically then here arose the issue.

Kent

-----Original Message-----
From: Henry B. Hotz [mailto:hotz@jpl.nasa.gov]
Sent: Thursday, May 29, 2003 4:09 PM
To: Kent Wu (RD-US); heimdal-discuss@sics.se
Subject: Re: how to achieve what kinit does programmatically?

At 11:53 AM -0700 5/29/03, Kent_Wu@trendmicro.com wrote:
>Hi:
>	I can use "kinit" to get a TGT from a win2000 KDC in my 
>Solaris machine and I also assume there must be Kerberos API's to 
>achieve the same thing programmatically in C. However I couldn't 
>find too much info on this. Could anyone kindly tell me the correct 
>way to do it?
>	Another odd thing is in my /usr/lib/krb5 folder I can find 
>some kerberos libraries which contains some API symbols like
>krb5_init_context however I couldn't find any man page for this 
>function. Do I miss something here or  I need to download separate 
>Kerberos library to do this?

This question properly should go to an MIT Kerberos list, but I've 
been looking into it myself so here goes:

OSX includes the latest MIT K5 release, however it does not include 
the man pages or documentation.  What you need to do is go to the MIT 
site and download the latest source distribution.  That will include, 
among other things, some TeX documentation which is pretty complete.

Now is it accurate?  I do know that it documents a 
get-tgt-with-password type function that exists, but is different 
from the function actually used by either NetBSD/Heimdal kinit or MIT 
kinit (which are different from each other as well).  In other words 
just because MIT has more documentation than Heimdal doesn't mean 
it's better. |-(

What I intend to do in my "copious free time" is try lifting code 
from the MIT kinit source and seeing if I can get that to work.  I 
was not successful in getting the documented routine to work.

I also looked at the GSSAPI documentation from Sun and it appears 
that that API assumes you already have a tgt (unless you're a 
server).  I think SASL wraps GSSAPI so that wouldn't solve the 
problem either.
-- 
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu

Follow-Ups:
- RE: how to achieve what kinit does programmatically?
  - From: "Henry B. Hotz" <hotz@jpl.nasa.gov>

Prev by Date: Re: how to achieve what kinit does programmatically?
Next by Date: Re: couple socket-connection questions
Prev by thread: Re: how to achieve what kinit does programmatically?
Next by thread: RE: how to achieve what kinit does programmatically?
Index(es):
- Date
- Thread