>If only GSS-API had a concept of "initial" credentials so that acceptors >could request initial credentials. But that would necessitate a >gss_acquire_cred() API that could handle user prompting.
I don't even think this is a GSSAPI issue. I mean, you can't do cross-realm unless you're doing a TGS_REQ, and you're prohibited from using a TGS_REQ to get a kadmin/admin ticket. You couldn't fix this even with raw Kerberos. --Ken ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] http://mailman.mit.edu/mailman/listinfo/kerberos
