[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Suppresion of password prompt
From: |
Simon Josefsson |
Subject: |
Re: Suppresion of password prompt |
Date: |
Wed, 23 Apr 2008 13:26:40 +0200 |
User-agent: |
Gnus/5.110009 (No Gnus v0.9) Emacs/22.2 (gnu/linux) |
Graham Shaw <address@hidden> writes:
> A question.
>
> I'm trying to find a way to prevent the Shishi library from prompting for
> a password. Specifically:
>
> 1. When obtaining an initial TGT I want to supply a password to be tried,
> and if that doesn't work I want it to give up.
> 2. When obtaining a service ticket I want it to give up if there is no
> suitable TGT available.
>
> I have a workaround but it involves modifying the library. (Either that
> or driving it through stdin/stdout, which apart from being fragile would
> be awkward to implement on the platform I'm developing for.)
>
> Is there an approved method for achieving the above?
Hi. Thanks for your interest. Which API are you using? I'm assuming
you are using the shishi_tkts_* interface to get tickets, which is the
recommended high-level interface.
Regarding 1), you can supply a password to be used by using a
Shishi_tkts_hint structure and set the 'passwd' field in it. It will be
used when getting a TGT when decrypting the AS-REP. Something like:
Shishi_tkt *tkt;
Shishi_tkts_hint hint;
int rc;
memset (&hint, 0, sizeof (hint));
hint.passwd = "mypasswd";
hint.client = (char *) "jas";
hint.server = (char *) "imap.domain.org";
tkt = shishi_tkts_get (shishi_tkts_default (h), &hint);
if (!tkt)
{
printf ("cannot find ticket for \"%s\"\n", sname);
return NULL;
}
I see now that if the server requires pre-authentication (using a
password) I see now that the code will not use the provided password,
but instead will prompt for a new password. I have fixed this, see:
http://git.savannah.gnu.org/gitweb/?p=shishi.git;a=commitdiff;h=bdf277a51182c49b13b61ac6f57b8111dcbf94a5
Regarding 2), use shishi_tkts_find() instead which will only search
among your existing tickets. The shishi_tkts_get* APIs will try to get
a ticket if it doesn't exist -- it calls shishi_tkts_find() first.
Does this help? Please tell me if you think the API (or the
documentation) can be improved somehow here.
/Simon