[6633] in Kerberos
Re: how to use kinit.c code w/o putting TGT in a file?
daemon@ATHENA.MIT.EDU (Sam Hartman)
Sat Feb 10 11:31:46 1996
To: scott@talarian.com (Scott Weitzenkamp)
Cc: kerberos@MIT.EDU
From: hartmans@MIT.EDU (Sam Hartman)
Date: 10 Feb 1996 11:22:02 -0500
In-Reply-To: scott@talarian.com's message of Sat, 10 Feb 1996 00:03:21 GMT
>>>>> "Scott" == Scott Weitzenkamp <scott@talarian.com> writes:
Scott> I have been using the GSS-API to write Kerberos
Scott> applications, and now I have been given the job of allowing
Scott> all our client and server processes to run and have them do
Scott> the equivalent of a kinit from C code, plus to not create a
Scott> credentials cache file (supposedly to increase security).
Scott> Does anybody know:
Scott> 1) How can I merge gss-client.c and kinit.c to create a
Scott> program that does not use a credentials cache file?
I'd have to look some at the code, but I suggest you read the
Internet draft on the GSSAPI binding to Kerberos5 and consider calling
acquire_credentials directly after calling krb5_get_in_tkt for your
service ticket instead of a tgt.
Scott> 2) Does this really increase security to store a password
Scott> in a C program? Is there a better way?
Any time you have to store a secret like a password in a
client application, you are decreasing security significantly. I'm
not sure I understand what you are trying to do, but I suspect
strongly there is a better way. If you would give more details, I
suspect I could help some.
Scott> -- Thanks in advance... Scott Weitzenkamp, Talarian
Scott> Corporation, Mountain View, CA scott@talarian.com (415)
Scott> 965-8050 "Welcome to the late show, starring NULL and void"
Scott> -- Men At Work
