[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: how to achieve what kinit does programmatically?

To: Kent_Wu@trendmicro.com
Subject: RE: how to achieve what kinit does programmatically?
From: Balazs GAL <balsa@rit.bme.hu>
Date: 03 Jun 2003 08:18:55 +0200
Cc: deengert@anl.gov, heimdal-discuss@sics.se, hotz@jpl.nasa.gov
In-Reply-To: <200306030410.OAA66820@au.padl.com>
References: <200306030410.OAA66820@au.padl.com>
Sender: owner-heimdal-discuss@sics.se

2003-06-03, k keltezéssel Luke Howard ezt írta:
> >I looked at the krb pam package but it looks like the function there would still prompt for user's passwd before it can
> >get the TGT. The goal I want to achieve here is to do it without the prompt since I can get the user/passwd pair
> >beforehand(thru proxy authorization maybe). 
> 
> With PAM, the trick is to register a conversation function that returns
> the already known password. The only catch is the fact that you only 
> know that the module is asking for a prompt with the echo off, not
> that it wants the password, so there's a potential vulnerability here.
> But no one seems to mind generally. :-)

You can find a simple example code in poppasswd source.

http://freshmeat.net/redir/poppassd_pam/18872/url_tgz/poppassd_pam-1.0.tar.gz

balsa

References:
- RE: how to achieve what kinit does programmatically?
  - From: Luke Howard <lukeh@PADL.COM>

Prev by Date: RE: how to achieve what kinit does programmatically?
Next by Date: gss_wrap_size_limit()
Prev by thread: RE: how to achieve what kinit does programmatically?
Next by thread: RE: how to achieve what kinit does programmatically?
Index(es):
- Date
- Thread