[krbdev.mit.edu #1278] No prompter interface for krb5_get_init_creds_keytab

Sam Hartman via RT rt-comment at krbdev.mit.edu
Tue Dec 17 16:23:40 EST 2002

Marc, read the draft (draft-ietf-krb-wg-hw-auth) if you want to
understand what is going on.

I actually think that passing in this particular key as the keytab is
wrong, but since Ken is not planning on contributing the code that
uses this preauth type, just the new get_init_creds API, I don't have
to make that evaluation.

While I agree that keytabs are commonly used by applications that
do not want user interaction, it does not seem unreasonable to use
them in other circumstances where using a prompter is appropriate.
Certainly it is possible to store a long-term key in a keytab even if
the KDC requires preauth for that key.  In the current code base there
is no client-side support for this case.
