[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: how to achieve what kinit does programmatically?

>I looked at the krb pam package but it looks like the function there would still prompt for user's passwd before it can
>get the TGT. The goal I want to achieve here is to do it without the prompt since I can get the user/passwd pair
>beforehand(thru proxy authorization maybe). 

With PAM, the trick is to register a conversation function that returns
the already known password. The only catch is the fact that you only 
know that the module is asking for a prompt with the echo off, not
that it wants the password, so there's a potential vulnerability here.
But no one seems to mind generally. :-)
>	So can krb5_get_init_creds_password() do the job without interaction? 

I believe so.

-- Luke

Luke Howard | PADL Software Pty Ltd | www.padl.com