a bunch of random krb5 questions
Chris Hecker
checker at d6.com
Tue Sep 27 01:42:45 EDT 2011

I'm getting krb5 up and working with my game (it's working great, both
normal client<->server and client<->client with u2u), and have
accumulated a bunch of questions since my last barrage:

1. What's the difference, if any, between get_credentials with the
CACHED flag and cc_retrieve_creds?

2. I talk to the KDC in a dedicated thread, which has its own
krb5_context. Is it okay to use the krb5_creds allocated on that
context with the main thread's context? If not, do I need to do the KDC
communication on its own thread, then use the ccache for moving the
creds to the main thread?

3. mk_req takes a krb5_data and will make a checksum from it, but I
don't see any way to use that on the rd_req side? Am I missing
something, or is this just some internal thing? Or is it the checksum
in the authenticator you can get through krb5_auth_con_getauthenticator?

4. Is there a way from an existing in-use auth_con to get the client
and server princs?

5. Does mk_priv also checksum the data, in addition to encrypting it?

6. Do I need to rd_priv/safe every mk_priv/safe packet I get to keep
the sequence numbers correct (DO_SEQUENCE is on the auth_con), or can I
skip some?

7. Why is krb5int_copy_data_contents krb5int?

8. For u2u authn, I think the user_user sample is backwards. In other
words, it's always the client in a normal krb5 application that calls
get_credentials and talks to the KDC, yet in the user_user sample that
code is in server.c.

Thanks!
Chris