[5006] in Kerberos
Re: Q: K4 app-srvr->app-srvr authentication? (fwd)
daemon@ATHENA.MIT.EDU (Ed Phillips)
Fri Apr 21 10:58:55 1995
Date: Fri, 21 Apr 1995 10:25:05 -0400 (EDT)
From: Ed Phillips <flaregun@udel.edu>
To: kerberos@MIT.EDU
On 21 Apr 1995, Fluder wrote:
> I am working on an application that has two servers which will periodically
> need to talk to each other. We are prototyping it using K4. The client/server
> authentication was no problem, but it is not obvious (yet) how
> one application server can authenticate itself to another since it
> does not have a tgt_file, only a srvtab. It does not seem that I can
> simply use the krb_sendauth/recvauth pair.
>
> I am now studying the source code, but would appreciate any help from an
> expert.
>
I've never done this with K4. But, with K5 you just use
krb5_sendauth/recvauth. The trick is, on the sendauth side, you need an
initial ticket. You can (hopefully) get that with something in k4 like
krb5_get_in_tkt_with_skey(), which will consult the /etc/v5srvtab. Then
you can use sendauth/recvauth like usual.
Hope this helps,
Ed
+-------------------------------------------------------------------------+
| Ed Phillips <flaregun@udel.edu> University of Delaware (302) 831-6082 |
| Jr Systems Programmer, Network and Systems Services, Info. Technologies |
| Public key footprint: 1C D4 AC C2 A3 D5 97 AA DB 3B D8 85 88 E7 40 B8 |
| Finger flaregun@udel.edu for PGP public key |
+-------------------------------------------------------------------------+