krb5_rd_cred() ?

Sam Hartman hartmans at MIT.EDU
Tue Nov 30 13:09:31 EST 2004

>>>>> "Ken" == Ken Hornstein <kenh at> writes:

    >> I am adding some functionality to an existing pam module
    >> (pam_krb5afs, which is beyond the scope of this list) in which
    >> I do need to send the users password off to the kdc.

    Ken> Okay, fair enough.

    >> Well from what I understand from other kerberos documentation I
    >> have read I need to validate the responses from the server and
    >> create a tgt and an entry in a keytab file.  I guess what I
    >> really need to brush up on is the functions which will assist
    >> me in 1) validating the information in the response, 2) look
    >> for an existing entry in a keytab file, 3) create an entry in
    >> the keytab file, 4) create a valid ticket, 3) validate the
    >> ticket.  I hope those steps are accurate.  "If" they are I
    >> would need to call the folllwing functions to do this:
    >> calls to various krb5_get_init_creds_x to set my system
    >> specific options
    >> krb5_init_secure_context() - to initialize kerberos libs with
    >> handle

    Ken> FYI; just call krb5_init_context(); I doubt there is a reason
    Ken> to use krb5_init_secure_context in this case.

No, you actually do want secure context here.  Picture something like
su being pam authenticated with KRB5_KTNAME set.


More information about the krbdev mailing list