On 10/31/2015 05:43 AM, Rick van Rein wrote:
> In an attempt to keep a possible extension in userspace, I'm looking to
> get to the e-data after an error message.
The API does not currently provide a facility for this for TGS requests.
If you look at lib/krb5/krb/gc_via_tkt.c, you can see where TG
Hello,
In an attempt to keep a possible extension in userspace, I'm looking to
get to the e-data after an error message. IIRC, the krb5 API only
releases that information with krb5_init_creds_get_error() but that does
not seem to be the right extraction function after krb5_get_credentials(
On Mon, 2011-08-01 at 04:28 -0400, Chris Hecker wrote:
> Is it possible to compute a regular old hmac_sha1 with the krb5 api? In
> other words, the normal api is digest = hmac_sha1(data,pass). I notice
> there are a bunch of hmac functions and krb5int_hmac is even exported,
>
Is it possible to compute a regular old hmac_sha1 with the krb5 api? In
other words, the normal api is digest = hmac_sha1(data,pass). I notice
there are a bunch of hmac functions and krb5int_hmac is even exported,
but it's not clear how to call it to be compatible with a regular hmac
Hi Kevin,
I found that the function krb5_get_in_tkt_with_skey which will acquire the
pa-data for the PA_PK_AS_REQ is not
invoked any were and, is it used . Can I find a good documentation on the
kerberos-API for sending pre-authentication data .
Thank you
with regards
naveen
_
Luke Howard wrote:
Is that so? I've only ever seen Kerberos being carried out over GSSAPI.
What others are there?
Here is a list that Martin Rex of SAP posted to the ietf-kitten mailing
list (to which I would add SPNEGO and NTLM):
ietf mechanism: Company (Country)
Kerberos 5
> "Kirill" == Kirill Mendelev <[EMAIL PROTECTED]> writes:
Kirill> Still, I've built a couple of small programs, which use
Kirill> GSSAPI as provided by MIT distribution, and it seems that
Kirill> the mechanisms supported by default do not include SPNEGO
Kirill> 1.3.6.1.5.5.2. I
, and fbopenssl contains code to add and remove
SPNEGO wrapping using OpenSSL's ASN.1/DER engine.
Frank
Kirill Mendelev <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
01/19/2005 04:54 AM
To: kerberos@MIT.EDU
cc:
Subject: Re: Krb5 API vs. GSSAPI
Hi,
Speaking of mechanisms. I may sound silly, but I'm only beginning to dig
into all this Kerberos/GSSAPI/SPNEGO/SPNEGO via HTTP stuff (lots of
reading done, tons of material ahead).
Still, I've built a couple of small programs, which use GSSAPI as
provided by MIT distribution, and it seems t
For completeness it should be noted that GSSAPI has bindings for multiple
languages, including C and Java.
Frank
Fredrik Tolf <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
01/18/2005 06:09 PM
To: kerberos@MIT.EDU
cc:
Subject: Re: Krb5 API vs.
>Is that so? I've only ever seen Kerberos being carried out over GSSAPI.
>What others are there?
Here is a list that Martin Rex of SAP posted to the ietf-kitten mailing
list (to which I would add SPNEGO and NTLM):
ietf mechanism: Company (Country)
Kerberos 5 MIT, CyberSa
03:19 PM
>
>
> To: kerberos@MIT.EDU
> cc:
> Subject:Krb5 API vs. GSSAPI
>
>
> Hi!
>
> I've been writing a couple of programs that use Kerberos for
> authentication. I've been using the Krb5 native API, since the example
>
> "Fredrik" == Fredrik Tolf <[EMAIL PROTECTED]> writes:
Fredrik> However, looking around at other programs, it seems that
Fredrik> most (all?) are using GSSAPI. Thus, I'm wondering what
Fredrik> the advantages of using GSSAPI are, and when you should
Fredrik> use GSSAPI and whe
Fredrik,
GSSAPI is a standard. Kerberos APIs are implementation specific. Also,
GSSAPI supports many mechanisms.
Frank
Fredrik Tolf <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
01/18/2005 03:19 PM
To: kerberos@MIT.EDU
cc:
Subject: Krb5
Hi!
I've been writing a couple of programs that use Kerberos for
authentication. I've been using the Krb5 native API, since the example
programs that came with the MIT Krb5 source distribution that were using
the native API seemed much simpler than those that used GSSAPI.
However, looking around
On Friday, August 02, 2002, Dan Riley wrote:
[...]
> However, there's also the issue of the meaning of key_exp field which
> you've alluded to. The MIT KDC sets key_exp to the *principal*
> expiration time, not the password expiration, so the prompter still
> won't trigger on password expiratio
[EMAIL PROTECTED] (Nicolas Williams) writes:
> Oh, yes, IIRC there was a bug in krb5_gic_pwd() that prevented the
> "Password will expire in X [time]" warning from ever being prompted.
>
> I forget the details, but I can dig it up - IIRC it was pretty obvious.
The one I reported can be found at:
Have to get back on KDC software. My test principal has password expiration
set, but no policies.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Friday, August 02, 2002 10:10 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: RE: krb5 API
What KDC
TECTED]]
> Sent: Thursday, August 01, 2002 2:45 PM
> To: Mike Reinertsen; Williams, Nicolas
> Cc: '[EMAIL PROTECTED]'
> Subject: RE: krb5 API
>
>
> OK, we tried all of that and as_reply->enc_part2->key_exp is
> nil. Any other
> ideas? Many thanks.
>
OK, we tried all of that and as_reply->enc_part2->key_exp is nil. Any other
ideas? Many thanks.
-Original Message-
From: Mike Reinertsen
Sent: Thursday, August 01, 2002 2:09 PM
To: 'Nicolas Williams'; Mike Reinertsen
Cc: [EMAIL PROTECTED]
Subject: RE: krb5 API
Thanks.
http://mailman.mit.edu/pipermail/krb5-bugs/2002-February/12.html
-Original Message-
From: Nicolas Williams [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 01, 2002 1:55 PM
To: Mike Reinertsen
Cc: [EMAIL PROTECTED]
Subject: Re: krb5 API
Oh, yes, IIRC there was a bug in
sets the prompts regarding
> password expiration is not executed. So, the prompt parsing method does not
> seem to be an alternative as far as I can tell. Is there another way using
> the public krb5 API that you're aware of?
>
> Thanks.
>
> -Original Message-
>
ompts regarding
password expiration is not executed. So, the prompt parsing method does not
seem to be an alternative as far as I can tell. Is there another way using
the public krb5 API that you're aware of?
Thanks.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
S
ve to understand
the prompts.
Cheers,
Nico
--
> -Original Message-
> From: Mike Reinertsen [mailto:[EMAIL PROTECTED]]
> Sent: Monday, July 29, 2002 3:32 PM
> To: Williams, Nicolas; Mike Reinertsen; [EMAIL PROTECTED]
> Subject: RE: krb5 API
>
>
> Upon closer inspe
Thanks.
Mike
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Monday, July 29, 2002 2:37 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: krb5 API
Well, technically, the key_exp field is ambiguoous and deprecated
- instead there's sequence field that is bett
Cheers,
Nico
--
> -Original Message-
> From: Mike Reinertsen [mailto:[EMAIL PROTECTED]]
> Sent: Monday, July 29, 2002 2:15 PM
> To: Williams, Nicolas; Mike Reinertsen; [EMAIL PROTECTED]
> Subject: RE: krb5 API
>
>
> I have looked at that code and it is not cle
tain the password
expiration. Perhaps, I need to call krb5_get_init_creds?
Thanks.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Monday, July 29, 2002 12:24 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: krb5 API
1. Sort of, but yes. I forget the details
r response to include some information about the
password policy.
Nico
--
> -Original Message-
> From: Mike Reinertsen [mailto:[EMAIL PROTECTED]]
> Sent: Monday, July 29, 2002 12:05 PM
> To: '[EMAIL PROTECTED]'
> Subject: krb5 API
>
>
> Can one get a p
Can one get a password's expiration date using the krb5 API? Also, can one
get at password policies using the krb5 API?
Thanks.
Kerberos mailing list [EMAIL PROTECTED]
http://mailman.mit.edu/mailman/listinfo/kerberos
29 matches
Mail list logo
