====== Custom transport for Kerberos initial authentication made easy in Heimdal ======

The Kerberos Heimdal development team  [[http://www.h5l.org/blog/index.php/2008/12/fetching-tickets-over-eap/|announced]] the support of a new feature that allows a programmer to obtain handle on Kerberos AS-REQ ,AS-REP, TGS-REQ and TGS-REP packets used during initial authentication (Acquisition of a TGT) and feed them to function that implements the Kerberos state machine. With this feature the programmer can use any custom transport protocol to communicate with KDCs. The skeleton of a function for obtaining a TGT would look as follows :

<code c>

Get_Kerberos_TGT()
{
 
    while(1) {
       ret = krb5_init_creds_step(ctx,inpacket, &outpacket);
       if (ret != CONTINUE)
         break;
       krb5_send_to_kdc_using_custom_transport(outnpacket, &inpacket);
    }
}
</code>


===== Related articles =====
{{topic>Kerberos&noheader}}

{{tag>reference kerberos security coding}}