[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: how to achieve what kinit does programmatically?
>I looked at the krb pam package but it looks like the function there would still prompt for user's passwd before it can
>get the TGT. The goal I want to achieve here is to do it without the prompt since I can get the user/passwd pair
>beforehand(thru proxy authorization maybe).
With PAM, the trick is to register a conversation function that returns
the already known password. The only catch is the fact that you only
know that the module is asking for a prompt with the echo off, not
that it wants the password, so there's a potential vulnerability here.
But no one seems to mind generally. :-)
> So can krb5_get_init_creds_password() do the job without interaction?
I believe so.
-- Luke
--
Luke Howard | PADL Software Pty Ltd | www.padl.com