On Sat, Apr 26, 2025 at 12:36 PM Nico Williams <[email protected]> wrote:
> Rather than a callback I'd prefer to have a new major status code that > indicates that the application must call a function to extract the > prompts / supply answers, and this would use the partial security > context handle to sequence things. > Yeah, when trying to do iakerb_gss_init_sec_context and there's no TGT (or Ticket), then just returning an error is reasonable. Applications would have to add new code to set a callback or catch an error so neither way is going to be transparent. But of course applications are not going to use the gss_acquire_cred_* functions (and they probably should not). When the user gets an error, they will have to use some utility that knows to use gss_acquire_cred_with_password with IAKERB to some IAKERB-aware service. Then, with a TGT in their ccache, the application should now init IAKERB successfully. Correct? Mike -- Michael B Allen Java AD DS Integration https://www.ioplex.com/ <http://www.ioplex.com/> ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
