I'm trying to document the replacement calls for the deprecated Kerberos APIs. Here's the list that I have so far, but I'm not sure what the proper new calls are for some of the old APIs. Can anyone fill in the blanks? Am I missing any?
I've tried Google, but I only get documentation on the old APIs, and not on what they should be replaced with. The information I have so far came from discussions on the various Kerberos mailing lists.
Old API New API
Wayne Morrison, CISSP
OpenVMS Security/eBusiness Engineering
110 Spit Brook Road
Nashua, New Hampshire
I think your list is fairly correct. RFC 4120 doesn't have anything
like the initvector concept; you should only need that API if you have
a really old protocol to deal with.
There are not replacements for the get_in_tkt calls besides password
and keytab. We haven't seen much of a demand for them and it made
dealing with preauth challenging. If people want a replacement for
krb5_get_in_tkt_skey we can create a memory-based keytab to use.