[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: how to achieve what kinit does programmatically?

>Now is it accurate?  I do know that it documents a 
>get-tgt-with-password type function that exists, but is different 
>from the function actually used by either NetBSD/Heimdal kinit or MIT 
>kinit (which are different from each other as well).  In other words 
>just because MIT has more documentation than Heimdal doesn't mean 
>it's better. |-(

For Heimdal, see krb5_get_init_creds_password(). Or just use PAM
and pam_krb5.

>I also looked at the GSSAPI documentation from Sun and it appears 
>that that API assumes you already have a tgt (unless you're a 
>server).  I think SASL wraps GSSAPI so that wouldn't solve the 
>problem either.

GSS-API does not deal with acquiring initial credentials.

-- Luke

Luke Howard | PADL Software Pty Ltd | www.padl.com