KfM 4.0b7: a few questions
Alexandra Ellwood
lxs at MIT.EDU
Wed Jan 30 18:54:01 EST 2002
>I've got a background application that performs some Kerberos services
>on behalf of a user who's currently logged in. One of these is to
>obtain a AFS token after login. When I detect that there's been a
>login, my app goes and grabs an AFS service ticket and hands it to the
>AFS cache manager.
>
>However, if the user logs in, then immediately afterwards changes
>their mind and hits Destroy Tickets, they are rewarded by another
>login dialog, since my background app hits a Kerberos v4 call that
>pops open the login dialog. The same thing happens if they have
>multiple logins, and hit "Destroy Tickets" several times in rapid
>succession to clear them all.
>
>I need a way to be able to obtain the service ticket, including
>contacting the TGS if necessary, such that it simply fails silently if
>there aren't valid credentials.
That's an interesting situation. We'll look into a solution for you.
Are you trying to do this on Mac OS X, Mac OS 9 or both?
>You didn't answer my question, though: Why is krb_get_cred() one of
>the functions that makes the login dialog appear? If I call this
>function when there are no credentials, even I log in when the dialog
>appears, the function is still going to fail with RET_NOTKT unless I'm
>requesting the tgt. It seems pointless to bring up the login dialog
>otherwise.
Oh sorry, I misunderstood the question. krb_get_cred() is the trap
by which the login dialog comes up. However, really it shouldn't be
trying to pop up the dialog unless it's a krbtgt service which is
being requested. I'll fix that.
>You'll fix the crash, too, right? (i.e., if I hit "Cancel" at the
>login dialog)
Yup, that's fixed too.
--lxs
--
-----------------------------------------------------------------------------
Alexandra Ellwood <lxs at mit.edu>
MIT Information Systems http://mit.edu/lxs/www/
-----------------------------------------------------------------------------
--
More information about the krbdev
mailing list