I'm looking for API to add a new kerberos credentials to macOS internal ticket store.
Basically, I'd like to replace the whole authentication process with a proprietary component and not rely on the OS kerberos implementation, and get the following items:
- Client-to-server ticket encrypted using the resource's secret key.
- A new Authenticator encrypted using Client/Server Session Key
I'd like to set these 2 items where the OS keeps these items to be used when communicating with the resource itself.
Also, I'd like to keep another kerberos item retrieved after the first communication with the resource and it's used for SSO to allow additional request to the resource for a certain period of time. this item is the timestamp found in client's Authenticator encrypted using the Client/Server Session Key
Is there an API I can use to inject those items to where the OS keeps the kerberos Items so it can use them when it access the resource itself.