Re: Suppresion of password prompt

help-shishi

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Suppresion of password prompt

From:	Simon Josefsson
Subject:	Re: Suppresion of password prompt
Date:	Wed, 23 Apr 2008 13:26:40 +0200
User-agent:	Gnus/5.110009 (No Gnus v0.9) Emacs/22.2 (gnu/linux)

Graham Shaw <address@hidden> writes:

> A question.
>
> I'm trying to find a way to prevent the Shishi library from prompting for
> a password.  Specifically:
>
> 1. When obtaining an initial TGT I want to supply a password to be tried,
> and if that doesn't work I want it to give up.
> 2. When obtaining a service ticket I want it to give up if there is no
> suitable TGT available.
>
> I have a workaround but it involves modifying the library.  (Either that
> or driving it through stdin/stdout, which apart from being fragile would
> be awkward to implement on the platform I'm developing for.)
>
> Is there an approved method for achieving the above?

Hi.  Thanks for your interest.  Which API are you using?  I'm assuming
you are using the shishi_tkts_* interface to get tickets, which is the
recommended high-level interface.

Regarding 1), you can supply a password to be used by using a
Shishi_tkts_hint structure and set the 'passwd' field in it.  It will be
used when getting a TGT when decrypting the AS-REP.  Something like:

  Shishi_tkt *tkt;
  Shishi_tkts_hint hint;
  int rc;

  memset (&hint, 0, sizeof (hint));
  hint.passwd = "mypasswd";
  hint.client = (char *) "jas";
  hint.server = (char *) "imap.domain.org";
  tkt = shishi_tkts_get (shishi_tkts_default (h), &hint);
  if (!tkt)
    {
      printf ("cannot find ticket for \"%s\"\n", sname);
      return NULL;
    }

I see now that if the server requires pre-authentication (using a
password) I see now that the code will not use the provided password,
but instead will prompt for a new password.  I have fixed this, see:

http://git.savannah.gnu.org/gitweb/?p=shishi.git;a=commitdiff;h=bdf277a51182c49b13b61ac6f57b8111dcbf94a5

Regarding 2), use shishi_tkts_find() instead which will only search
among your existing tickets.  The shishi_tkts_get* APIs will try to get
a ticket if it doesn't exist -- it calls shishi_tkts_find() first.

Does this help?  Please tell me if you think the API (or the
documentation) can be improved somehow here.

/Simon

[Prev in Thread]

Current Thread

[Next in Thread]

Suppresion of password prompt, Graham Shaw, 2008/04/23
- Re: Suppresion of password prompt, Simon Josefsson <=
  - Re: Suppresion of password prompt, Graham Shaw, 2008/04/23
    - Re: Suppresion of password prompt, Simon Josefsson, 2008/04/24
    - Re: Suppresion of password prompt, Graham Shaw, 2008/04/24

Prev by Date: Suppresion of password prompt
Next by Date: Re: Suppresion of password prompt
Previous by thread: Suppresion of password prompt
Next by thread: Re: Suppresion of password prompt
Index(es):
- Date
- Thread