[36619] in Kerberos
API for verifying authenticator checksum?
daemon@ATHENA.MIT.EDU (Peter Mogensen)
Thu Nov 27 02:35:04 2014
Message-ID: <5476D41A.5070208@one.com>
Date: Thu, 27 Nov 2014 08:34:50 +0100
From: Peter Mogensen <apm@one.com>
MIME-Version: 1.0
To: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Hi,
I was looking at libkrb5 for the public API mirroring "in_data" in
krb5_mk_req()
http://web.mit.edu/kerberos/krb5-current/doc/appdev/refs/api/krb5_mk_req.html
But I failed to find any.
It looks like you're supposed to get the Authenticator and then the
checksum from the Authenticator manually and compare it against a
checksum you manually build.
But many of the needed call are either listed as deprecated or not to be
called directly and the comp_cksum() call that the KDC uses for TGS-REQs
aren't even public.
Have I missed some part of the API or are there really no easy way to
verify the cksum created by mk_req() in_data ?
/Peter
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos