| From | Ken Hornstein <kenh@cmf.nrl.navy.mil> |
|---|---|
| Newsgroups | comp.protocols.kerberos |
| Subject | Re: one time password integration |
| Date | 2024-07-31 16:38 -0400 |
| Organization | TNet Consulting |
| Message-ID | <mailman.116.1722458322.2322.kerberos@mit.edu> |
| References | <PH0PR14MB5493673E648D14F5CEE0B7DFAAB12@PH0PR14MB5493.namprd14.prod.outlook.com> <202407311944.46VJi3YK030487@hedwig.cmf.nrl.navy.mil> <PH0PR14MB5493540EBEEFAA44CE2FA876AAB12@PH0PR14MB5493.namprd14.prod.outlook.com> <202407312038.46VKcXkl031026@hedwig.cmf.nrl.navy.mil> |

>One surprise in doing all of this is that there seems to be no standard
>utility to let us see the auth indicator for the user's credentials. I'm
>probably going to use one of the test programs (adata). It seems to be
>complicated by having the auth indicator in the encrypted part of the
>ticket.

If you are using the GSSAPI to authenticate, there's a way (it's kind of complicated and weird, like the rest of the GSSAPI). There's not a native way to do that with the Kerberos API; on my list is to submit a patch to MIT to expose the necessary API (there's a lot of things on that list, so don't wait for me).

However, if you're interested in looking at authentication indicators in TGTs, I'm not sure there's a way to verify the AD-CAMMAC container in a TGT; you'd need to look at a service ticket (which I suppose you would already have if you were verifying a Kerberos password).

--Ken