user-to-user counterpart of krb5_server_decrypt_ticket_keytab() ?
Rick van Rein
rick at openfortress.nl
Sat Jul 2 02:15:42 EDT 2016
I'm pretty far with piecing together my TLS += Kerberos-DH
implementation in GnuTLS and my TLS Pool. Simo's hint to look
at kvno.c and kinit.c really helped, thanks!
Since it was a straightforward extension, I added user-to-user Kerberos
to the spec. Adding the 2nd ticket to the ticket request in the
client was all handled by the library. Nice!
But on the server I run into a missing u2u counterpart for
krb5_server_decrypt_ticket_keytab(); I need something along the lines of
krb5_server_decrypt_ticket_creds() that would use a TGT (krb5_creds)
rather than a keytab to decrypt a ticket.
Is there a function in the libkrb5 API to do just that? If not, how is
user-to-user normally implemented? Is there a clever bypass, or will I
have to strip down the ticket with application code?