On Sun, 2011-07-31 at 00:43 -0400, Chris Hecker wrote: > It seems there's no exposed way to call krb5_get_init_creds with a key > directly. If I've got a key that's not stored in a keytab (like it got > handed to me some other way), it looks like the best/only way to do this > is to create a MEMORY keytab, manually create a keytab_entry, add the > entry, and then pass that to get_init_creds_keytab?
That's right for current interfaces. There used to be a krb5_get_in_tkt_with_skey(), which is still there as a deprecated interface. When the initial ticket interfaces were revised in 1997, I think there was a belief that a krb5 app (as opposed to an RFC 3961 app) shouldn't need to traffic in keyblocks, so that interface was dropped. How are you winding up with a key and needing to make an initial ticket request with it? ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
