[19785] in Kerberos_V5_Development

home help back first fref pref prev next nref lref last post

Re: Multiple KDC's realm heuristic for KRB5CCNAME=DIR:/tmp/mydir/

daemon@ATHENA.MIT.EDU (Greg Hudson)
Wed Jul 25 10:08:01 2018

To: Martin Gee <geemang_2000@yahoo.com>, "krbdev@mit.edu" <krbdev@mit.edu>
From: Greg Hudson <ghudson@mit.edu>
Message-ID: <2f4e3aa6-b271-14ac-1535-50b14fa0c97d@mit.edu>
Date: Wed, 25 Jul 2018 10:07:47 -0400
MIME-Version: 1.0
In-Reply-To: <1711573979.1735063.1532460390651@mail.yahoo.com>
Content-Language: en-US
Content-Type: text/plain; charset="utf-8"
Errors-To: krbdev-bounces@mit.edu
Content-Transfer-Encoding: 8bit

On 07/24/2018 03:26 PM, Martin Gee wrote:> Would managing KRB5CCNAME 
dynamically via setenv system call be a better
> strategy?  Seems like I basically, need to map the REALM to the 
> appropriate ccache file in a way the gss calles would still work.

That seems like it should work.  You could alternatively use 
gss_acquire_cred_from() to specify the ccache location.  See 
t_credstore.c (in the same place as t_s4u.c) for an example, and use the 
key "ccache".
_______________________________________________
krbdev mailing list             krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev


home help back first fref pref prev next nref lref last post