KfM 4.0b7: a few questions

Alexandra Ellwood lxs at MIT.EDU
Wed Jan 30 18:54:01 EST 2002

>I've got a background application that performs some Kerberos services
>on behalf of a user who's currently logged in.  One of these is to
>obtain an AFS token after login.  When I detect that there's been a
>login, my app goes and grabs an AFS service ticket and hands it to the
>AFS cache manager.
>However, if the user logs in, then immediately afterwards changes
>their mind and hits Destroy Tickets, they are rewarded by another
>login dialog, since my background app hits a Kerberos v4 call that
>pops open the login dialog.  The same thing happens if they have
>multiple logins, and hit "Destroy Tickets" several times in rapid
>succession to clear them all.
>I need a way to be able to obtain the service ticket, including
>contacting the TGS if necessary, such that it simply fails silently if
>there aren't valid credentials.

That's an interesting situation.  We'll look into a solution for you.

Are you trying to do this on Mac OS X, Mac OS 9 or both?

>You didn't answer my question, though: Why is krb_get_cred() one of
>the functions that makes the login dialog appear?  If I call this
>function when there are no credentials, even if I log in when the dialog
>appears, the function is still going to fail with RET_NOTKT unless I'm
>requesting the tgt.  It seems pointless to bring up the login dialog

Oh sorry, I misunderstood the question.  krb_get_cred() is the trap 
by which the login dialog comes up.  However, really it shouldn't be 
trying to pop up the dialog unless it's a krbtgt service which is 
being requested.  I'll fix that.

>You'll fix the crash, too, right?  (i.e., if I hit "Cancel" at the
>login dialog)

Yup, that's fixed too.

Alexandra Ellwood                                               <lxs at mit.edu>
MIT Information Systems                               http://mit.edu/lxs/www/
