[20171] in Kerberos_V5_Development
without caching of initial krbtgt tickets
daemon@ATHENA.MIT.EDU (Sri)
Mon Sep 28 17:24:45 2020
Date: Mon, 28 Sep 2020 21:22:09 +0000 (UTC)
From: Sri <bskmohan@yahoo.com>
To: "krbdev@mit.edu" <krbdev@mit.edu>
Message-ID: <683388465.1360736.1601328129203@mail.yahoo.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Errors-To: krbdev-bounces@mit.edu
Content-Transfer-Encoding: 8bit
Hi,
Am trying to dothe below:
// AS-REQ, AS-REP
krb5_get_init_creds_password(context, &my_creds, userPrinc, pwd, 0, 0, starttime, 0, optz);
…
krb5_cc_initialize(,ccahe,..)
..
krb5_cc_store_creds(,..ccache,...)
…
my_creds.client = userPrinc;
krb5_parse_name(context, server, &my_creds.server);
// TGS-REQ, TGS-REP
krb5_get_credentials(context, KRB5_GC_NO_STORE, ccache, &my_creds, )
…
If I do not store the krbtgt from krb5_get_init_creds_password(), am observing an error “Matching credentials not found" error from krb5_get_credentials.
1) Is there any libkrb5 API that does both sending AS-REQ/AS-REP and TGS-REQ/TGS-REP. No need to send AP-REQ/AP-REP.
2) Is it possible to invoke krb5_get_credentials() without caching the krbtgt tickets? I am trying to reuse the out_creds from krbt_get_init_creds_password() in krb5_get_credentials() but that failed with below trace:
/lib64/libkrb5.so.3(krb5_cc_dup+0x1e) [0x2b9675783ef2]
/lib64/libkrb5.so.3(krb5_cc_dup+0x1e) [0x2b9675783ef2]
/lib64/libkrb5.so.3(+0x47a9a) [0x2b9675783a9a]
/lib64/libkrb5.so.3(krb5_copy_creds+0x48) [0x2b9675783c58]
/lib64/libkrb5.so.3(krb5_tkt_creds_init+0xaf) [0x2b967578944f]
/lib64/libkrb5.so.3(krb5_get_credentials+0x6b) [0x2b967578a19b]
- Thanks in advance, Sri
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
