GSS-API Help..

Nicolas Williams Nicolas.Williams at Sun.COM
Mon Sep 26 10:03:49 EDT 2005


On Mon, Sep 26, 2005 at 09:23:44AM -0400, Wyllys Ingersoll wrote:
> Eitan wrote:
> 
> > Hi , Is there any method to get the Kerberos ticket parameters such
> > as Flags, Authentication Time, Start time, End time act' by using
> > GSS-API?
> 
> Not really.  GSSAPI is a generic interface, it is not a Kerberos-specific
> library.   Therefore it does not actually have any knowledge of the
> details of a kerberos ticket.  All that GSSAPI sees is a generic 
> "credential"
> data structure.

You can, however, get the end time of a credential, and you should be
able to get an end time from a security context that relates to the end
time of the credentials used to establish it.

> >
> > My Kerberized application works fine but all I can get via GSS-API is
> > the user name (gss_display_name()) and I want to get the rest of the
> > ticket encrypted information.
> 
> You would have to use Kerberos APIs to parse that specific
> information from the ticket.

Unfortunately, if you started out using the GSS-API you may not be able
to get at the Ticket.  The IETF KITTEN WG is working on GSS-API
extensions that will provide most if not all this functionality.

Nico
-- 


More information about the Kerberos mailing list