Creating GSSAPI initiate credential using keytab entry--how should this work
Greg Hudson
ghudson at MIT.EDU
Wed Mar 10 14:04:04 EST 2010
On Wed, 2010-03-10 at 12:36 -0500, Sam Hartman wrote:
> Would it be a good idea to wrap all this logic into
> gss_acquire_credential so that if you have a keytab you can just use it
> as an initiator?
> I.E. would that be a good improvement for the future?
Possibly. Or we could do the credentials-cache-backed-by-a-keytab idea.
I think it requires at least some thought, though. Currently our GSSAPI
library only does TGS requests, not AS requests. If it start doing AS
requests, then it becomes a consumer of the gic_opt framework and the
preauth framework, and there are some (probably manageable) implications
there.
More information about the krbdev
mailing list