PA Data and KLApi's
Brian
brianboy at apple.com
Tue Jan 20 18:10:48 EST 2004
I am doing pre-authentication with Kerberos. I have turned
preauthentication
on the server for several accounts, On the client side I notice there
are two calls
made to Kerberos , The first call AS_REQ for a TGT and the KDC replies
with
PA required and then then AS_REQ again with PA_DATA
Is there a way to send PA data in the request the first time itself
The KRB5 api calls do have parameters for
krb5_get_in_tkt_with_password(/* IN/OUT */ krb5_context context,
/* IN */ const krb5_flags options, krb5_address *
const * addrs, const krb5_enctype * etypes, const krb5_preauthtype *
pre_auth_types, ....
I guess it is possible to pass
KRB5_PADATA_ENC_TIMESTAMP
But in the case of
KLStatus KLAcquireNewTicketsWithPassword (KLPrincipal inPrincipal,
KLLoginOptions
inLoginOptions,
const char *inPassword,
char
**outCredCacheName);
I do not see a way to do this , Is there any other way to achieve this
through KL Api's
Brian
More information about the krbdev
mailing list