Creating GSSAPI initiate credential using keytab entry--how should this work
Sam Hartman
hartmans at MIT.EDU
Wed Mar 10 14:18:17 EST 2010
>>>>> "Greg" == Greg Hudson <ghudson at MIT.EDU> writes:

Greg> On Wed, 2010-03-10 at 12:36 -0500, Sam Hartman wrote:
>> Would it be a good idea to wrap all this logic into
>> gss_acquire_credential so that if you have a keytab you can just
>> use it as an initiator? I.E. would that be a good improvement
>> for the future?

Greg> Possibly. Or we could do the
Greg> credentials-cache-backed-by-a-keytab idea.

Greg> I think it requires at least some thought, though. Currently
Greg> our GSSAPI library only does TGS requests, not AS requests.
Greg> If it starts doing AS requests, then it becomes a consumer of
Greg> the gic_opt framework and the preauth framework, and there are
Greg> some (probably manageable) implications there.

We already will have to deal with this for iakerb.