[19785] in Kerberos_V5_Development
Re: Multiple KDC's realm heuristic for KRB5CCNAME=DIR:/tmp/mydir/
daemon@ATHENA.MIT.EDU (Greg Hudson)
Wed Jul 25 10:08:01 2018
To: Martin Gee <geemang_2000@yahoo.com>, "krbdev@mit.edu" <krbdev@mit.edu>
From: Greg Hudson <ghudson@mit.edu>
Message-ID: <2f4e3aa6-b271-14ac-1535-50b14fa0c97d@mit.edu>
Date: Wed, 25 Jul 2018 10:07:47 -0400
MIME-Version: 1.0
In-Reply-To: <1711573979.1735063.1532460390651@mail.yahoo.com>
Content-Language: en-US
Content-Type: text/plain; charset="utf-8"
Errors-To: krbdev-bounces@mit.edu
Content-Transfer-Encoding: 8bit
On 07/24/2018 03:26 PM, Martin Gee wrote:> Would managing KRB5CCNAME
dynamically via setenv system call be a better
> strategy? Seems like I basically, need to map the REALM to the
> appropriate ccache file in a way the gss calles would still work.
That seems like it should work. You could alternatively use
gss_acquire_cred_from() to specify the ccache location. See
t_credstore.c (in the same place as t_s4u.c) for an example, and use the
key "ccache".
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev