GSS-API - Kerberos Ticket

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

GSS-API - Kerberos Ticket

eitan-3
Hello,

Is there any method of "extracting" the Kerberos key from a GSS ticket?

Microsoft sends the Kerberos ticket (SPNEGO over http) using the GSS
methods. If one attempts to handle the internal Kerberos ticket
information (such as the case of the PAC data) he will have to use the
Kerberos ticket.

Any idea?
Any explicit function I've missed ? such as
gss_extract_krb5_ticket()..?

Eitan.

________________________________________________
Kerberos mailing list           [hidden email]
https://mailman.mit.edu/mailman/listinfo/kerberos
Reply | Threaded
Open this post in threaded view
|

Re: GSS-API - Kerberos Ticket

Kevin Coffman
> Hello,
>
> Is there any method of "extracting" the Kerberos key from a GSS ticket?
>
> Microsoft sends the Kerberos ticket (SPNEGO over http) using the GSS
> methods. If one attempts to handle the internal Kerberos ticket
> information (such as the case of the PAC data) he will have to use the
> Kerberos ticket.
>
> Any idea?
> Any explicit function I've missed ? such as
> gss_extract_krb5_ticket()..?

In 1.4 MIT added gss_krb5_export_lucid_sec_context() to obtain
information from the negotiated context.  (This is a mechanism-
specific routine currently available only in the MIT distribution
AFAIK.)  Is this close to what you are looking for?

K.C.

________________________________________________
Kerberos mailing list           [hidden email]
https://mailman.mit.edu/mailman/listinfo/kerberos
Reply | Threaded
Open this post in threaded view
|

Re: GSS-API - Kerberos Ticket

Pitrich, Karl
In reply to this post by eitan-3

have a look at gss_krb5_copy_ccache()


On Tue, 2005-09-27 at 03:24 -0700, Eitan wrote:

> Hello,
>
> Is there any method of "extracting" the Kerberos key from a GSS ticket?
>
> Microsoft sends the Kerberos ticket (SPNEGO over http) using the GSS
> methods. If one attempts to handle the internal Kerberos ticket
> information (such as the case of the PAC data) he will have to use the
> Kerberos ticket.
>
> Any idea?
> Any explicit function I've missed ? such as
> gss_extract_krb5_ticket()..?
>
> Eitan.

________________________________________________
Kerberos mailing list           [hidden email]
https://mailman.mit.edu/mailman/listinfo/kerberos

signature.asc (196 bytes) Download Attachment