[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Was a smartcard used to get the ticket?

Is it possible to find out if a smartcard was used to get a ticket?

A ticket is obtained with kinit. This may be with or without the -C 
PKCS11:... option to use a smartcard.

My application then uses gss_init_sec_context() with GSS_C_NO_CREDENTIAL to 
get the default. It would be useful to know if a smartcard was used so that:
   1) an administrator can insist on smartcards being used.
   2) the application can adjust its response to a smartcard being removed.

I've not found anything relevant in the documentation or with Google.

nm on libgssapi.so shows gsskrb5_extract_authz_data_from_sec_context() which 
looks promising, but I'm not sure what it gives or how to use it. I assume 
that it returns an AuthorizationData structure, but I'm not clear if this 
contains the information I need or what value the ad_type parameter should 

Is what I want possible? Is gsskrb5_extract_authz_data_from_sec_context() 
the right way to get the information? Is its use documented somewhere?

I'm using Heimdal 1.0.

Many thanks,


Get Pimped! FREE emoticon packs from Windows Live -