I'm getting krb5 up and working with my game (it's working great, both normal client<->server and client<->client with u2u), and have accumulated a bunch of questions since my last barrage:
1. What's the difference, if any, between get_credentials with the CACHED flag and cc_retrieve_creds?
2. I talk to the KDC in a dedicated thread, which has its own krb5_context. Is it okay to use the krb5_creds allocated on that context with the main thread's context? If not, do I need to do the KDC communication on its own thread, then use the ccache for moving the creds to the main thread?
3. mk_req takes a krb5_data and will make a checksum from it, but I don't see any way to use that on the rd_req side? Am I missing something, or is this just some internal thing? Or is it the checksum in the authenticator you can get through krb5_auth_con_getauthenticator?
4. Is there a way from an existing in-use auth_con to get the client and server princs?
5. Does mk_priv also checksum the data, in addition to encrypting it?
6. Do I need to rd_priv/safe every mk_priv/safe packet I get to keep the sequence numbers correct (DO_SEQUENCE is on the auth_con), or can I skip some?
7. Why is krb5int_copy_data_contents krb5int?
8. For u2u authn, I think the user_user sample is backwards. In other words, it's always the client in a normal krb5 application that calls get_credentials and talks to the KDC, yet in the user_user sample that code is in server.c.

Thanks!
Chris

________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
