PA Data and KLApi's

Brian brianboy at
Tue Jan 20 18:10:48 EST 2004

I am  doing pre-authentication with Kerberos. I have turned 
on the server for several accounts, On the client side I notice there 
are two calls
made to Kerberos , The first call AS_REQ for a TGT and the KDC replies 
PA required and then then AS_REQ again with PA_DATA

Is there a way to send PA data in the request the first time itself

The KRB5 api calls do have parameters for

krb5_get_in_tkt_with_password(/* IN/OUT */ krb5_context context,
/* IN */ const krb5_flags options, krb5_address *
const * addrs, const krb5_enctype * etypes, const krb5_preauthtype * 
pre_auth_types,  ....

I guess it  is possible to pass

But in  the case of
KLStatus KLAcquireNewTicketsWithPassword (KLPrincipal      inPrincipal,
                                           const char      *inPassword,

I do not see a way to do this , Is there any other way to achieve this 
through KL Api's


More information about the krbdev mailing list