Samba and MIT Kerberos

Nicolas Williams Nicolas.Williams at
Mon Apr 18 12:05:26 EDT 2005

On Mon, Apr 18, 2005 at 11:22:02AM -0400, Ken Hornstein wrote:
> >Please advise me of any functions you require that MIT currently
> >does not support in addition to the gss_krb5_get_subkey and
> >gsskrb5_extract_authz_data_from_sec_context functions.
> I created the following function:
> OM_uint32 KRB5_CALLCONV gss_krb5_get_tkt_times
> 	(OM_uint32 *minor_status,
> 		gss_ctx_id_t context_handle,
> 		krb5_ticket_times *times);
> To extract out the ticket times from the Kerberos ticket (I was
> specifically interested in the "authtime" field, since I make use of
> authtime for authorization decisions).  I'm not sure the API is
> wonderful, but all I care about is the functionality.
> And don't forget about gss_krb5_get_tkt_flags(); I use that too, but
> that's already supported, so it's moot.
> (Boy, maybe we should just make a gss_krb5_get_ticket() and be done
> with it :-) ).

Since Ticket is a Kerberos V PDU that would be a good extension to have
for the krb5 mech and any raw krb5 mechs.

More information about the krbdev mailing list