[1721] in Kerberos
Re: protocol question
daemon@ATHENA.MIT.EDU (John Hascall)
Thu Jan 16 16:56:35 1992
Date: Thu, 16 Jan 1992 20:25:06 GMT
From: john@iastate.edu (John Hascall)
To: kerberos@shelby.Stanford.EDU
marantz@cs.rutgers.edu writes:
}As part of our migrating to kerberos (version 5) I'm hacking pwdauthd
}(on some Suns) to validate a password lookup using kerberos.
}As I understand it, pwdauthd should get a Ticket Granting Ticket [TGT]
}for the person (from the Authentication Service[AS]) and then try to
}use it on a local service (say talking to rcmd or maybe itself). This
}would mean getting a ticket for that server and having that server
}validate the ticket. To me this sounds like it will be slow. This
}way will need 2 exchanges with kerberos (to the AS and the
}Ticket-Granting Service [TGS]) and one exchange with the local server.

It's not as complicated as it seems, basically:

    krb_get_lrealm(...)      /* where am i? */
    krb_get_pw_in_tkt(...)   /* get TGT from KDC(AS) */
    read_service_key(...)    /* get rcmd tkt from srvtab */
    krb_mk_req(...)          /* use rcmd tkt */
    krb_rd_req(...)          /* see if it worked */

John
--
John Hascall Our liberties we prize and our rights we will maintain
Project Vincent
Iowa State University Computation Center john@iastate.edu
Ames, IA 50011 515/294-9551 [fax -1717]
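
Added example, not part of the original message and not the Kerberos library's code: a toy Python model of the three exchanges counted in the quoted question (AS, TGS, local service), showing that the password is accepted only when the service ticket also opens under the key held in the local srvtab. The names ToyKDC, seal, unseal, str2key and verify_password, the principals and the keys are all assumptions made for illustration; authenticators, timestamps and real Kerberos encryption are left out.

```python
import hashlib, hmac, json, os

def str2key(password):                 # toy string-to-key, not the Kerberos one
    return hashlib.sha256(password.encode()).digest()

def seal(key, obj):                    # toy sealed box: SHAKE keystream + HMAC tag
    data, nonce = json.dumps(obj).encode(), os.urandom(16)
    ks = hashlib.shake_256(key + nonce).digest(len(data))
    ct = bytes(a ^ b for a, b in zip(data, ks))
    return nonce + hmac.new(key, nonce + ct, hashlib.sha256).digest() + ct

def unseal(key, blob):
    nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or modified message")
    ks = hashlib.shake_256(key + nonce).digest(len(ct))
    return json.loads(bytes(a ^ b for a, b in zip(ct, ks)))

class ToyKDC:                          # AS and TGS in one object
    def __init__(self, user_keys, service_keys):
        self.users, self.services = user_keys, service_keys
        self.tgs_key = os.urandom(32)
    def as_exchange(self, user):       # reply sealed under the user's key, plus TGT
        sk = os.urandom(32).hex()
        return (seal(self.users[user], {"sk": sk}),
                seal(self.tgs_key, {"client": user, "sk": sk}))
    def tgs_exchange(self, tgt, service):
        t, sk2 = unseal(self.tgs_key, tgt), os.urandom(32).hex()
        return (seal(bytes.fromhex(t["sk"]), {"sk": sk2}),
                seal(self.services[service], {"client": t["client"], "sk": sk2}))

def verify_password(kdc, user, password, service, srvtab_key):
    try:
        reply, tgt = kdc.as_exchange(user)                      # 1: AS
        sk = bytes.fromhex(unseal(str2key(password), reply)["sk"])
        reply2, ticket = kdc.tgs_exchange(tgt, service)         # 2: TGS
        sk2 = unseal(sk, reply2)["sk"]
        seen = unseal(srvtab_key, ticket)                       # 3: local service
        return seen["client"] == user and seen["sk"] == sk2
    except (ValueError, KeyError):
        return False

# Constructed sample principals and keys (not from the original message).
HOST_KEY = os.urandom(32)
REALM_KDC = ToyKDC({"alice": str2key("correct horse")}, {"rcmd.myhost": HOST_KEY})
# A KDC whose rcmd key does not match the local srvtab.
OTHER_KDC = ToyKDC({"alice": str2key("guess")}, {"rcmd.myhost": os.urandom(32)})

if __name__ == "__main__":
    print(verify_password(REALM_KDC, "alice", "correct horse", "rcmd.myhost", HOST_KEY))
```

With OTHER_KDC the first two exchanges succeed for the password "guess", and only the local check against HOST_KEY rejects the result.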