add preauth questions to kerberos responder context


I want to use "pkinit" preauth question to authenticate with kerberos.

But I'm unable to answer "pkinit" question because it's not available in the list of questions returned by krb5_responder_list_questions(). Only "password" is proposed.

How can I add "pkinit" or even "otp" to the list of preauth questions?


I succeeded at the end. The problem was that a previous PKCS11 session was not closed before the PKINIT process tried to open a new one.

103: C_Initialize
2017-01-12 17:46:43.597
[in] pInitArgs = (nil)
Returned:  401 CKR_CRYPTOKI_ALREADY_INITIALIZED
C_Initialize: cryptoki already initialized
can't open pkcs11 session

104: C_Finalize
2017-01-12 17:46:43.598
Returned:  0 CKR_OK
pkinit_client_prep_questions: no questions to ask
pkinit_client_prep_questions returning 0
pkinit_client_prep_questions: no questions to ask
pkinit_client_prep_questions returning 0

questions_to_answer=password
pkinit_client_process 0x7fffe409f1f0 0x7fffe409f7b0 0x7fffe40a1e70 0x7fffe40a1c20
processing KRB5_PADATA_PK_AS_REQ
pkinit_client_profile 0x7fffe409f1f0 0x7fffe409f7b0 0x7fffe40a1e70 0x7fffe40a2538
pkinit_identity_prompt: 0x7fffe409f1f0 0x7fffe40a23f0 0x7fffe40a2290

If all previously opened sessions are properly closed and the KDC is configured to ask the client for PKINIT preauthentication, we should get the following result:

111: C_CloseSession
2017-01-12 18:05:04.655
[in] hSession = 0xbabfcb7f
Returned:  0 CKR_OK

112: C_Finalize
2017-01-12 18:05:04.655
Returned:  0 CKR_OK
pkinit_client_prep_questions: asking question '{"PKCS11:module_name=/usr/local/lib/pkcs11-spy.so:slotid=1:token=CCC":0}'
pkinit_client_prep_questions returning 0
pkinit_client_prep_questions: asking question '{"PKCS11:module_name=/usr/local/lib/pkcs11-spy.so:slotid=1:token=CCC":0}'
pkinit_client_prep_questions returning 0

questions_to_answer=pkinit
pkinit_client_process 0x7fffe4096090 0x7fffe4066cc0 0x7fffe4089760 0x7fffe40897f0
processing KRB5_PADATA_PK_AS_REQ
pkinit_client_profile 0x7fffe4096090 0x7fffe4066cc0 0x7fffe4089760 0x7fffe4089f38
pkinit_identity_prompt: 0x7fffe4096090 0x7fffe4089df0 0x7fffe4089c70
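To make the "pkinit" question concrete, here is an added example (not the poster's code and not part of MIT krb5) that parses the JSON challenge shown in the successful log above and builds the matching JSON answer a responder callback would hand back. It assumes the krb5 responder conventions: the "pkinit" question's challenge is a JSON object mapping a PKCS11 identity string to token flag bits, the answer is a JSON object mapping the same identity to its PIN, and the identity is a colon-separated list of key=value fields. The flag constant values and the `pin_for_token` callback are assumptions of this example; the sample question string is the one from the log.

```python
import json

# Flag bits named after krb5's responder API (KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_*);
# the numeric values here are assumed for this example.
PIN_COUNT_LOW = 1 << 0
PIN_FINAL_TRY = 1 << 1
PIN_LOCKED = 1 << 2

# Constructed sample input: the pkinit question string from the successful run above.
SAMPLE_QUESTION = '{"PKCS11:module_name=/usr/local/lib/pkcs11-spy.so:slotid=1:token=CCC":0}'


def parse_pkinit_challenge(question_json):
    """Return {identity: flags} from the JSON challenge of the 'pkinit' responder question."""
    challenge = json.loads(question_json)
    if not isinstance(challenge, dict):
        raise ValueError("pkinit challenge must be a JSON object")
    return {identity: int(flags) for identity, flags in challenge.items()}


def parse_pkcs11_identity(identity):
    """Split 'PKCS11:key=value:key=value' into a dict (assumes no ':' inside values)."""
    prefix, sep, rest = identity.partition(":")
    if prefix != "PKCS11" or not sep:
        raise ValueError("not a PKCS11 identity: %r" % identity)
    fields = {}
    for item in rest.split(":"):
        key, eq, value = item.partition("=")
        if not eq:
            raise ValueError("malformed identity field: %r" % item)
        fields[key] = value
    return fields


def build_pkinit_answer(question_json, pin_for_token):
    """Build the JSON answer {identity: PIN} for every token that can still accept a PIN.

    pin_for_token(token_label) is a caller-supplied callback (assumed here) that
    obtains the PIN, e.g. by prompting the user. Tokens whose flags say the PIN
    is locked are skipped: another attempt cannot unlock them and only wastes
    a retry counter on a card that is already blocked.
    """
    answer = {}
    for identity, flags in parse_pkinit_challenge(question_json).items():
        if flags & PIN_LOCKED:
            continue
        fields = parse_pkcs11_identity(identity)
        answer[identity] = pin_for_token(fields.get("token", ""))
    return json.dumps(answer)


def pkinit_available(questions):
    """True when 'pkinit' is among the names returned by krb5_responder_list_questions().

    Seeing only 'password' means pkinit_client_prep_questions found no identity
    to ask about, which in the run above was caused by the stale PKCS11 session.
    """
    return "pkinit" in questions


if __name__ == "__main__":
    print("questions before fix:", pkinit_available(["password"]))
    print("questions after fix: ", pkinit_available(["password", "pkinit"]))
    print(parse_pkcs11_identity(next(iter(parse_pkinit_challenge(SAMPLE_QUESTION)))))
    print(build_pkinit_answer(SAMPLE_QUESTION, lambda token: "1234"))
```

In a real responder callback the question text would come from krb5_responder_get_challenge() for the "pkinit" question and the string returned by build_pkinit_answer() would be passed to krb5_responder_set_answer(); the PIN callback here stands in for whatever secure prompt the application uses.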