GSS-API Help..
Nicolas Williams
Nicolas.Williams at Sun.COM
Mon Sep 26 10:03:49 EDT 2005
On Mon, Sep 26, 2005 at 09:23:44AM -0400, Wyllys Ingersoll wrote:
> Eitan wrote:
>
> > Hi , Is there any method to get the Kerberos ticket parameters such
> > as Flags, Authentication Time, Start time, End time act' by using
> > GSS-API?
>
> Not really. GSSAPI is a generic interface, it is not a Kerberos-specific
> library. Therefore it does not actually have any knowledge of the
> details of a kerberos ticket. All that GSSAPI sees is a generic
> "credential"
> data structure.
You can, however, get the end time of a credential, and you should be
able to get an end time from a security context that relates to the end
time of the credentials used to establish it.
> >
> > My Kerberized application works fine but all I can get via GSS-API is
> > the user name (gss_display_name()) and I want to get the rest of the
> > ticket encrypted information.
>
> You would have to use Kerberos APIs to parse that specific
> information from the ticket.
Unfortunately, if you started out using the GSS-API you may not be able
to get at the Ticket. The IETF KITTEN WG is working on GSS-API
extensions that will provide most if not all this functionality.
Nico
--
More information about the Kerberos
mailing list