Programming in Kerberos
Wyllys Ingersoll
wyllys.ingersoll at sun.com
Mon Jun 27 16:23:08 EDT 2005
brian.joh at comcast.net wrote:
> Right, but there are also interfaces that are intended for public use
> that can only be found by looking at the source. For instance, when
> I looked at the source to some of the Kerberos applications in the
> standard distribution, I found no one uses krb5_get_in_tkt() or any
> of its variants anymore. Instead, applications generally use the
> newer, but undocumented krb5_get_init_creds_password(). Given that
> many of the commonly used functions like krb5_get_init_creds_password
> are totally undocumented, newbies, like me, HAVE to read the source,
> or risk using an older and possibly deprecated interface.
Ideally, you wouldn't use the KRB5 APIs at all, you would use GSSAPI
instead - it is standard and portable across implementations and platforms.
-Wyllys
More information about the Kerberos
mailing list