kerberos preauthentication IIS
Stephen Ince
since at opendemand.com
Wed Nov 12 18:28:41 EST 2008
I figured it out. Here is is the solution.
krb5.ini
[libdefaults]
default_tgs_enctypes = des-cbc-crc
default_tkt_enctypes = des-cbc-crc
code
------------------------------------------------------------
krb5_preauthtype PREAUTH_LIST[] = {KRB5_PADATA_ENC_TIMESTAMP,0};
:
err = krb5_get_in_tkt_with_password(
krb5->context,
kdcFlags, NULL, NULL, PREAUTH_LIST, password, krb5->ccache,
&krb5->credentials, 0);
/* if we failed try one more time w/o preauthentication */
if(err){
err = krb5_get_in_tkt_with_password(
krb5->context,
kdcFlags, NULL, NULL, NULL, password, krb5->ccache,
&krb5->credentials, 0);
}
----- Original Message -----
From: "Sam Hartman" <hartmans at mit.edu>
To: "Stephen Ince" <since at opendemand.com>
Cc: <krbdev at mit.edu>; "Matthew Devine" <mdevine at opendemand.com>
Sent: Wednesday, November 12, 2008 9:46 AM
Subject: Re: kerberos preauthentication IIS
> Hi. You posted this message previously. I guess you did not get a
> response. First, you're posting to the wrong place; krbdev at mit.edu is
> for de.development discussions of MIT Kerberos. You're not really
> talking about how to write code for Kerberos; you're more talking
> about how to use the product. That discussion belongs on
> kerberos at mit.edu.
>
> However, I can also explain why I at least did not answer your
> question. As far as I know, IIS does not do pre-authentication--I
> mean that in the sense that I cannot think of anything that IIS would
> be doing that would be called pre-authentication. There is something
> Kerberos does that is called pre-authentication, but that doesn't fit
> well into your question.
>
> --Sam
>
>
More information about the krbdev
mailing list