[27461] in Kerberos

home help back first fref pref prev next nref lref last post

Re: GSSAPI keytab location per application

daemon@ATHENA.MIT.EDU (Sam Hartman)
Fri Feb 16 08:14:05 2007

From: Sam Hartman <hartmans@mit.edu>
To: "Peger, Daniel Heinrich" <dpeger@cosa.de>
Date: Fri, 16 Feb 2007 08:13:29 -0500
In-Reply-To: <9362A0EF2D8D204D83E3714069C6AA05BD8E49@cosaex02.corp.cosa.de>
	(Daniel Heinrich Peger's message of "Fri, 16 Feb 2007 10:30:11 +0100")
Message-ID: <tslodnuutxi.fsf@cz.mit.edu>
MIME-Version: 1.0
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu

>>>>> "Peger," == Peger, Daniel Heinrich <dpeger@cosa.de> writes:

    Peger,> Hi, could you perhaps point me to the methods in the MIT
    Peger,> KRB5 API (LIBKRB5.a) that can be used to make the GSSAPI
    Peger,> methods use a non default keytab? In the API docs I'm
    Peger,> seeing only method to specify a keytab for the
    Peger,> authentication methods in the MIT API only.
In gssapi_krb5.h:

OM_uint32 KRB5_CALLCONV krb5_gss_register_acceptor_identity(const char *);

    Peger,> From what I see in the MIT API docs I would do something
    Peger,> like this:

    Peger,> krb5_kt_register(...); krb5_kt_resolve(...);
    Peger,> krb5_recvauth(...);

    Peger,> but where is the connection to the GSSAPI's
    Peger,> get_credentials(...) and gss_accept_security_context(...)?

    Peger,> Otherwise I think setting KRB5_KTNAME in some kind of
    Peger,> startup script as mentioned by Daniel and Simon in the two
    Peger,> other responses is an adequate solution.

    Peger,> Cheers

    Peger,> -----Original Message----- From: Sam Hartman
    Peger,> [mailto:hartmans@mit.edu] Sent: Thursday, February 15,
    Peger,> 2007 8:00 PM To: Simon Wilkinson Cc: Peger, Daniel
    Peger,> Heinrich; kerberos@mit.edu Subject: Re: GSSAPI keytab
    Peger,> location per application

    Peger,> Heimdal and MIT also provide APIs to tell GSS-API which
    Peger,> keytab to use.
 
    Peger,> E-Mail Disclaimer
 
    Peger,> Aus Rechts- und Sicherheitsgruenden ist die in dieser
    Peger,> E-Mail gegebene Information nicht rechtsverbindlich. Eine
    Peger,> rechtsverbindliche Bestaetigung reichen wir Ihnen gerne
    Peger,> auf Anforderung in schriftlicher Form nach.  Beachten Sie
    Peger,> bitte, dass jede Form der unautorisierten Nutzung,
    Peger,> Veroeffentlichung, Vervielfaeltigung oder Weitergabe des
    Peger,> Inhalts dieser E-Mail nicht gestattet ist. Diese Nachricht
    Peger,> ist ausschliesslich fuer den bezeichneten Adressaten oder
    Peger,> dessen Vertreter bestimmt. Sollten Sie nicht der
    Peger,> vorgesehene Adressat dieser E-Mail oder dessen Vertreter
    Peger,> sein, so bitten wir Sie, sich mit dem Absender der E-Mail
    Peger,> in Verbindung zu setzen.


    Peger,> For legal and security reasons the information provided in
    Peger,> this e-mail is not legally binding. Upon request we would
    Peger,> be pleased to provide you with a legally binding
    Peger,> confirmation in written form. Any form of unauthorised
    Peger,> use, publication, reproduction, copying or disclosure of
    Peger,> the content of this e-mail is not permitted.  This message
    Peger,> is exclusively for the person addressed or their
    Peger,> representative.  If you are not the intended recipient of
    Peger,> this message and its contents, please notify the sender
    Peger,> immediately.


________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos

home help back first fref pref prev next nref lref last post