The Kerberos 5 protocol is a beautiful thing, and not too horribly difficult to figure out. However, using the Kerberos 5 APIs in your code is another matter. Documentation is sparse and figuring out what logical steps need to happen with the API to get to your end goal isn’t very clear. At least, its always frustrated me.
The below is an example C program that asks for a username and password and authenticates them against your KDC. You’ll need a correctly configured /etc/krb5.conf, of course. The logical steps here are 1) setup your kerberos context, 2) parse the username into a principal, and 3) obtain the initial TGT for that principal.
Comments? Would you like to help improve the example?