Question regarding Pre-Auth API

sasikumar bodathula sasikumar.b at rediffmail.com
Mon Jun 17 06:46:22 EDT 2013


Hi,
   Need some clarification regarding the usage of the following api "krb5_get_init_creds_opt_set_pa" It mentioned in the one of the post that above mentioned API takes the input same as the kinit with option "-X"

This was the way It has been implemented like

attr = X509_anchors and value = cacertificate path

attr = X509_user_identity and value = client certificate and client key file path

attr = flag_RSA_PROTOCOL and value = yes

In this case I need to store the certificated in the system. My question is, is there a way by which only the certificate data is passed to kerberos library API(as memory pointer containing the certificate information) instead of path of the file.

In this way certificate is not stored in the system, extracted certificate information like key and data exist in the process in-memory.

Best Regards,

B.Sasikumar.


More information about the Kerberos mailing list