krb5_rd_cred() ?
Ken Hornstein
kenh at cmf.nrl.navy.mil
Tue Nov 30 11:47:01 EST 2004
>krb5_auth_context authCtx;
>krb5_auth_con_init( &context, &authCtx );
>
>I populate my auth-context with user keys and such. (see
>krb5_auth_con_setuseruserkey()), and I also set some flags for use with
>authentication type routines. There is a thing called
>krb5_auth_con_setflags() that allows you to set neat options on your
>authentication (like storing sequence numbers, time stamps, subkeys,
>etc).
One additional note: unless you're doing user2user authenticaiton (and
if you don't know what this means, then the answer is "you're not"),
you should never need to call krb5_auth_con_setuseruserkey().
krb5_rd_cred() needs some stuff set up in the auth context by other
calls (very likely krb5_rd_req()); you just can't fill it in with
random stuff. Most notably, you need the session key used by
krb5_mk_1cred() (which is called by krb5_fwd_tgt_creds()) to encrypt
the forwarded credentials.
--Ken
More information about the krbdev
mailing list