[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Was a smartcard used to get the ticket?
Is it possible to find out if a smartcard was used to get a ticket?
A ticket is obtained with kinit. This may be with or without the -C
PKCS11:... option to use a smartcard.
My application then uses gss_init_sec_context() with GSS_C_NO_CREDENTIAL to
get the default. It would be useful to know if a smartcard was used so that:
1) an administrator can insist on smartcards being used.
2) the application can adjust its response to a smartcard being removed.
I've not found anything relevant in the documentation or with Google.
nm on libgssapi.so shows gsskrb5_extract_authz_data_from_sec_context() which
looks promising, but I'm not sure what it gives or how to use it. I assume
that it returns an AuthorizationData structure, but I'm not clear if this
contains the information I need or what value the ad_type parameter should
Is what I want possible? Is gsskrb5_extract_authz_data_from_sec_context()
the right way to get the information? Is its use documented somewhere?
I'm using Heimdal 1.0.
Get Pimped! FREE emoticon packs from Windows Live -