Re: Suppresion of password prompt

[Graham Shaw]

On 23 Apr, Simon Josefsson <address@hidden> wrote:
> Graham Shaw <address@hidden> writes:

> > 1. When obtaining an initial TGT I want to supply a password to be
> > tried, and if that doesn't work I want it to give up.
> > 2. When obtaining a service ticket I want it to give up if there is no
> > suitable TGT available.

> Hi.  Thanks for your interest.  Which API are you using?  I'm assuming
> you are using the shishi_tkts_* interface to get tickets, which is the
> recommended high-level interface.

Correct.

> I see now that if the server requires pre-authentication (using a
> password) I see now that the code will not use the provided password,
> but instead will prompt for a new password.  I have fixed this, see:

> http://git.savannah.gnu.org/gitweb/?p=shishi.git;a=commitdiff;h=bdf277a51182c49b13b61ac6f57b8111dcbf94a5

Thanks - that appears to work perfectly.

> Regarding 2), use shishi_tkts_find() instead which will only search
> among your existing tickets.  The shishi_tkts_get* APIs will try to get
> a ticket if it doesn't exist -- it calls shishi_tkts_find() first.

That isn't quite the functionality I'm looking for:
- if the client doesn't already have a service ticket then I do want it to
request one from the KDC using the TGT, however
- if the client doesn't have a TGT then I don't want it to prompt for a
password.

(The former is OK because it's an entirely non-interactive process,
whereas the latter takes input from the user so is something I need to
avoid.)

Yours,

-- 
Graham Shaw (http://www.riscpkg.org/~gdshaw/)
The RISC OS Packaging Project (http://www.riscpkg.org/)
The RISC OS Toolkit (http://rtk.riscos.org.uk/)