[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: how to achieve what kinit does programmatically?

To: Kent_Wu@trendmicro.com
Subject: RE: how to achieve what kinit does programmatically?
From: Luke Howard <lukeh@PADL.COM>
Date: Tue, 3 Jun 2003 14:10:50 +1000
Cc: deengert@anl.gov, heimdal-discuss@sics.se, hotz@jpl.nasa.gov
Organization: PADL Software Pty Ltd
Reply-To: lukeh@PADL.COM
Sender: owner-heimdal-discuss@sics.se
Versions: dmail (bsd44) 2.4c/makemail 2.9d


>I looked at the krb pam package but it looks like the function there would still prompt for user's passwd before it can
>get the TGT. The goal I want to achieve here is to do it without the prompt since I can get the user/passwd pair
>beforehand(thru proxy authorization maybe). 

With PAM, the trick is to register a conversation function that returns
the already known password. The only catch is the fact that you only 
know that the module is asking for a prompt with the echo off, not
that it wants the password, so there's a potential vulnerability here.
But no one seems to mind generally. :-)
	
>	So can krb5_get_init_creds_password() do the job without interaction? 

I believe so.

-- Luke

--
Luke Howard | PADL Software Pty Ltd | www.padl.com

Follow-Ups:
- RE: how to achieve what kinit does programmatically?
  - From: Balazs GAL <balsa@rit.bme.hu>

Prev by Date: RE: how to achieve what kinit does programmatically?
Next by Date: RE: how to achieve what kinit does programmatically?
Prev by thread: Re: how to achieve what kinit does programmatically?
Next by thread: RE: how to achieve what kinit does programmatically?
Index(es):
- Date
- Thread