The basic problem I'm trying to solve is a dialogue-free way for a party to use Kerberos to prove that they said X (non-forgeable signature, effectively).
What I tried doing was getting a ticket with krbtgt/REALM@REALM (typically used as the first step in user-user auth), the authdata of which contained the public half of a randomly generated RSA key. I know that the authdata is making it into the ticket (since the ticket data size is directly related to the authdata size). The main problem is being able to decode that authdata on the other end (the "client" in user-user auth terminology).

In user-user auth, is there any way for the "client" to have the KDC give it the auxiliary information from the TGT ticket that is normally used as second_ticket?

I'm perfectly aware that it's possible to write a public-key database service or other involve-extra-parties solutions, but those are beyond my ability to deploy.

-- Elliot

Kerberos mailing list
http://mailman.mit.edu/mailman/listinfo/kerberos
