[3707] in Kerberos-V5-bugs

home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: [krbdev.mit.edu #1278] No prompter interface for krb5_get_init_creds_keytab

daemon@ATHENA.MIT.EDU (kenh@cmf.nrl.navy.mil via RT)
Tue Dec 17 13:40:56 2002

Message-Id: <rt-1278-3784.19.2871238009953@krbdev.mit.edu>
In-Reply-To: <rt-1278@krbdev.mit.edu>
From: "kenh@cmf.nrl.navy.mil via RT" <rt-comment@krbdev.mit.edu>
Reply-To: rt-comment@krbdev.mit.edu
To: krb5-prs@mit.edu
Errors-To: krb5-bugs-admin@mit.edu
Date: Tue, 17 Dec 2002 13:39:44 -0500 (EST)


>Why do you think you need this?  The idea of getting initial creds
>from a keytab is that a daemon or other automated task can act as a
>kerberos client without user interaction.  If you require user
>interaction, why aren't you just using a password?

I need to use a host key in a keytab (hence keytab) as a user's
long-term key with a hardware token (user interaction).  This is to
implement Matt Crawford's hw-auth draft.  Okay, so technically I don't
need a keytab interface, but there's no way to give the API a raw key
and provide a prompter interface, and that's the real deficiency.

--Ken
_______________________________________________
krb5-bugs mailing list
krb5-bugs@mit.edu
http://mailman.mit.edu/mailman/listinfo/krb5-bugs

home	help	back	first	fref	pref	prev	next	nref	lref	last	post