Replacements for deprecated Kerberos APIs?

Sam Hartman hartmans at MIT.EDU
Tue Aug 9 14:35:32 EDT 2005

I think your list is fairly correct.  RFC 4120 doesn't have anything
like the initvector concept; you should only need that API if you have
a really old protocol to deal with.

There are not replacements for the get_in_tkt calls besides password
and keytab.  We haven't seen much of a demand for them and it made
dealing with preauth challenging.  If people want a replacement for
krb5_get_in_tkt_skey we can create a memory-based keytab to use.


More information about the krbdev mailing list