GSS-API Help..


eitan-3
Hi,
Is there any method to get the Kerberos ticket parameters such as
Flags, Authentication Time, Start time, End time, etc. by using GSS-API?

My Kerberized application works fine but all I can get via GSS-API is
the user name (gss_display_name()) and I want to get the rest of the
ticket encrypted information.

TIA
Eitan.

________________________________________________
Kerberos mailing list           [hidden email]
https://mailman.mit.edu/mailman/listinfo/kerberos

Re: GSS-API Help..

Wyllys Ingersoll
Eitan wrote:

> Hi, Is there any method to get the Kerberos ticket parameters such
> as Flags, Authentication Time, Start time, End time, etc. by using
> GSS-API?

Not really. GSSAPI is a generic interface; it is not a Kerberos-specific
library. Therefore it does not actually have any knowledge of the
details of a Kerberos ticket. All that GSSAPI sees is a generic
"credential" data structure.

>
>  My Kerberized application works fine but all I can get via GSS-API is
>  the user name (gss_display_name()) and I want to get the rest of the
>  ticket encrypted information.

You would have to use Kerberos APIs to parse that specific
information from the ticket.

-Wyllys




Re: GSS-API Help..

Nicolas Williams
On Mon, Sep 26, 2005 at 09:23:44AM -0400, Wyllys Ingersoll wrote:

> Eitan wrote:
>
> > Hi, Is there any method to get the Kerberos ticket parameters such
> > as Flags, Authentication Time, Start time, End time, etc. by using
> > GSS-API?
>
> Not really. GSSAPI is a generic interface; it is not a Kerberos-specific
> library. Therefore it does not actually have any knowledge of the
> details of a Kerberos ticket. All that GSSAPI sees is a generic
> "credential" data structure.

You can, however, get the end time of a credential, and you should be
able to get an end time from a security context that relates to the end
time of the credentials used to establish it.

> >
> > My Kerberized application works fine but all I can get via GSS-API is
> > the user name (gss_display_name()) and I want to get the rest of the
> > ticket encrypted information.
>
> You would have to use Kerberos APIs to parse that specific
> information from the ticket.

Unfortunately, if you started out using the GSS-API you may not be able
to get at the Ticket.  The IETF KITTEN WG is working on GSS-API
extensions that will provide most if not all this functionality.

Nico