[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: krb5_get_init_creds_keytab w/ preauthentication

I'm posting on the Heimdal list now Markus. I can see MIT indeed does
support it but I don't think Heimdal does.


On Sun, 28 May 2006 19:40:22 +0100
"Markus Moeller" <huaraz@moeller.plus.com> wrote:

> As Jeffrey said it does handle preauth because when you create a keytab the 
> need salt information is included which is required for preauth (at least 
> for DES).  If you have a look at Dan Perry's msktutil. In msktpass.c he uses 
> krb5_get_init_creds_keytab to read a keytab entry for authentication to AD 
> and to reset the password of the account.
> Regards
> Markus
> "Michael B Allen" <mba2000@ioplex.com> wrote in message 
> 20060528133847.0d85f983.mba2000@ioplex.com">news:20060528133847.0d85f983.mba2000@ioplex.com...
> > Does krb5_get_init_creds_keytab handle preauthentication? I'm
> > still studying the code but it doesn't look like it
> > does. It's calling krb5_get_in_cred which is listed
> > as deprecated. Krb5_get_init_creds_password does handle
> > preauthentication. It calls krb5_get_init_creds. I suppose I need to
> > modify krb5_get_init_creds_keytab to call krb5_get_init_creds but someone
> > please speak up if that sounds like a waste of time.
> >
> > Thanks,
> > Mike
> >