From ed03516c915c4a4c8ae6f7decfa04d51049d9dd5 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 13 Jul 2004 05:14:59 +0000 Subject: r1475: More kerberos work - We can now connect to hosts that follow the SPNEGO RFC, and *do not* give us their principal name in the mechListMIC. - The client code now remembers the hostname it connects to - We now kinit for a user, if there is not valid ticket already - Re-introduce clock skew compensation TODO: - See if the username in the ccache matches the username specified - Use a private ccache, rather then the global one, for a 'new' kinit - Determine 'default' usernames. - The default for Krb5 is the one in the ccache, then $USER - For NTLMSSP, it's just $USER Andrew Bartlett (This used to be commit de5da669397db4ac87c6da08d3533ca3030da2b0) --- source4/libcli/auth/kerberos.h | 1 + 1 file changed, 1 insertion(+) (limited to 'source4/libcli/auth/kerberos.h') diff --git a/source4/libcli/auth/kerberos.h b/source4/libcli/auth/kerberos.h index 4a9d82acf1..ca796d0c86 100644 --- a/source4/libcli/auth/kerberos.h +++ b/source4/libcli/auth/kerberos.h @@ -69,5 +69,6 @@ NTSTATUS ads_verify_ticket(TALLOC_CTX *mem_ctx, const char *realm, const DATA_BLOB *ticket, char **principal, DATA_BLOB *auth_data, DATA_BLOB *ap_rep); +int kerberos_kinit_password_cc(krb5_context ctx, krb5_ccache cc, const char *principal, const char *password, time_t *expire_time, time_t *kdc_time); #endif /* HAVE_KRB5 */ -- cgit