[krbdev.mit.edu #1278] No prompter interface for krb5_get_init_creds_keytab
Ken Hornstein
kenh at cmf.nrl.navy.mil
Tue Dec 17 13:40:00 EST 2002
>Why do you think you need this? The idea of getting initial creds
>from a keytab is that a daemon or other automated task can act as a
>kerberos client without user interaction. If you require user
>interaction, why aren't you just using a password?
I need to use a host key in a keytab (hence keytab) as a user's
long-term key with a hardware token (user interaction). This is to
implement Matt Crawford's hw-auth draft. Okay, so technically I don't
need a keytab interface, but there's no way to give the API a raw key
and provide a prompter interface, and that's the real deficiency.
--Ken
More information about the krbdev
mailing list