[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: how to achieve what kinit does programmatically?

Another example of getting a TGT from a password would be one of the
many krb pam routines. Are you using the Solaris SEAM version of 
Kerberos, if so look at the Sun documentation. You can also look at
the kinit source :-)

"Henry B. Hotz" wrote:
> At 11:53 AM -0700 5/29/03, Kent_Wu@trendmicro.com wrote:
> >Hi:
> >       I can use "kinit" to get a TGT from a win2000 KDC in my
> >Solaris machine and I also assume there must be Kerberos API's to
> >achieve the same thing programmatically in C. However I couldn't
> >find too much info on this. Could anyone kindly tell me the correct
> >way to do it?
> >       Another odd thing is in my /usr/lib/krb5 folder I can find
> >some kerberos libraries which contains some API symbols like
> >krb5_init_context however I couldn't find any man page for this
> >function. Do I miss something here or  I need to download separate
> >Kerberos library to do this?
> This question properly should go to an MIT Kerberos list, but I've
> been looking into it myself so here goes:
> OSX includes the latest MIT K5 release, however it does not include
> the man pages or documentation.  What you need to do is go to the MIT
> site and download the latest source distribution.  That will include,
> among other things, some TeX documentation which is pretty complete.
> Now is it accurate?  I do know that it documents a
> get-tgt-with-password type function that exists, but is different
> from the function actually used by either NetBSD/Heimdal kinit or MIT
> kinit (which are different from each other as well).  In other words
> just because MIT has more documentation than Heimdal doesn't mean
> it's better. |-(
> What I intend to do in my "copious free time" is try lifting code
> from the MIT kinit source and seeing if I can get that to work.  I
> was not successful in getting the documented routine to work.
> I also looked at the GSSAPI documentation from Sun and it appears
> that that API assumes you already have a tgt (unless you're a
> server).  I think SASL wraps GSSAPI so that wouldn't solve the
> problem either.
> --
> The opinions expressed in this message are mine,
> not those of Caltech, JPL, NASA, or the US Government.
> Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu


 Douglas E. Engert  <DEEngert@anl.gov>
 Argonne National Laboratory
 9700 South Cass Avenue
 Argonne, Illinois  60439 
 (630) 252-5444