Replacements for deprecated Kerberos APIs?

[Sam Hartman]

I think your list is fairly correct.  RFC 4120 doesn't have anything
like the initvector concept; you should only need that API if you have
a really old protocol to deal with.


There are not replacements for the get_in_tkt calls besides password
and keytab.  We haven't seen much of a demand for them and it made
dealing with preauth challenging.  If people want a replacement for
krb5_get_in_tkt_skey we can create a memory-based keytab to use.

--Sam