any non-krb5int way to pass a keyblock to get_init_creds?
Greg Hudson
ghudson at MIT.EDU
Mon Aug 1 11:43:42 EDT 2011
On Sun, 2011-07-31 at 00:43 -0400, Chris Hecker wrote:
> It seems there's no exposed way to call krb5_get_init_creds with a key
> directly. If I've got a key that's not stored in a keytab (like it got
> handed to me some other way), it looks like the best/only way to do this
> is to create a MEMORY keytab, manually create a keytab_entry, add the
> entry, and then pass that to get_init_creds_keytab?
That's right for current interfaces.
There used to be a krb5_get_in_tkt_with_skey(), which is still there as
a deprecated interface. When the initial ticket interfaces were revised
in 1997, I think there was a belief that a krb5 app (as opposed to an
RFC 3961 app) shouldn't need to traffic in keyblocks, so that interface
was dropped.
How are you winding up with a key and needing to make an initial ticket
request with it?
More information about the Kerberos
mailing list