krb5_get_in* routines

Eugeny S. Mints Eugeny.Mints at
Wed Nov 27 06:09:01 EST 2002

On Tue, 26 Nov 2002, Sam Hartman wrote:

> krb5_get_in_* routines are old and do not deal properly with
> preauthentication.

Mmm.. I have deal with krb5-1.2.5. As I see flag
KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST may be set only by call
to krb5_get_init_creds_opt_set_preauth_list(). But
krb5_get_init_creds_opt_set_preauth_list() never has been
called. So call to make_preauth_list in
krb5_get_init_creds() (get_in_tkt.c) never happened and
hence padata parameter is NULL during krb5_do_preauth() call
(again in krb5_get_init_creds() (get_in_tkt.c)) and so
krb5_do_preauth() immidiatly returns.

So how really krb5_get_init_creds() handles
preauthentication? Sorry if I miss something.


More information about the krbdev mailing list