any non-krb5int way to pass a keyblock to get_init_creds?

Greg Hudson ghudson at MIT.EDU
Mon Aug 1 11:43:42 EDT 2011


On Sun, 2011-07-31 at 00:43 -0400, Chris Hecker wrote:
> It seems there's no exposed way to call krb5_get_init_creds with a key 
> directly.  If I've got a key that's not stored in a keytab (like it got 
> handed to me some other way), it looks like the best/only way to do this 
> is to create a MEMORY keytab, manually create a keytab_entry, add the 
> entry, and then pass that to get_init_creds_keytab?

That's right for current interfaces.

There used to be a krb5_get_in_tkt_with_skey(), which is still there as
a deprecated interface.  When the initial ticket interfaces were revised
in 1997, I think there was a belief that a krb5 app (as opposed to an
RFC 3961 app) shouldn't need to traffic in keyblocks, so that interface
was dropped.

How are you winding up with a key and needing to make an initial ticket
request with it?





More information about the Kerberos mailing list