user-to-user counterpart of krb5_server_decrypt_ticket_keytab() ?
Greg Hudson
ghudson at mit.edu
Sat Jul 2 11:10:49 EDT 2016
On 07/02/2016 03:03 AM, Rick van Rein wrote:
> I think I found it: krb5_decrypt_tkt_part() takes a keyblock.
> That ought to work!
>
> Sorry for not finding it straight away; I was looking on the web interface,
> which doesn't mention it, but I found it in libkrb5.exports, which is the
> more convincing place to have it :)
libkrb5.exports is the library export list; it contains functions which
are exported for the sake of test programs, or the GSS-API library, or
the KDC. Not everything in there is a public API.
krb5_decrypt_tkt_part() is not prototyped in krb5.h, so it is not a
public API.
You don't need to explicitly decrypt the ticket in a user-to-user
program; rd_req will take care of it for you. Have a look at
src/appl/user_user for an example.
More information about the krbdev
mailing list