Samba and MIT Kerberos

Ken Hornstein kenh at
Mon Apr 18 11:22:02 EDT 2005

>Please advise me of any functions you require that MIT currently
>does not support in addition to the gss_krb5_get_subkey and
>gsskrb5_extract_authz_data_from_sec_context functions.

I created the following function:

OM_uint32 KRB5_CALLCONV gss_krb5_get_tkt_times
	(OM_uint32 *minor_status,
		gss_ctx_id_t context_handle,
		krb5_ticket_times *times);

To extract out the ticket times from the Kerberos ticket (I was
specifically interested in the "authtime" field, since I make use of
authtime for authorization decisions).  I'm not sure the API is
wonderful, but all I care about is the functionality.

And don't forget about gss_krb5_get_tkt_flags(); I use that too, but
that's already supported, so it's moot.

(Boy, maybe we should just make a gss_krb5_get_ticket() and be done
with it :-) ).


More information about the krbdev mailing list