Credentials for an arbitrary user.
Kevin Burton
rkevinburton at charter.net
Tue Feb 3 13:23:44 EST 2004
I am trying to interface with our Windows 2000 server using Kerberos. I
would like a client to obtain a credential handle for a given user with a
supplied password. Using GSSAPI this involves calling gss_init_sec_context
and instead of passing GSS_C_NO_CREDENTIAL I would like to pass the opaque
handle gss_cred_id_t which is obtained via gss_acquire_cred. The problem is
that gss_acquire_cred only has the option to specify a credential by name
(not password). So I am assuming that the way to go would be to look at what
kinit does and then the "name" of the credential is probably the prinicipal
name. I call the following:
krb5_init_context
krb5_cc_default
krb5_parse_name (passing the principal name name at domain)
krb5_unparse_name (because that is what kinit does)
Then I call krb5_get_init_creds_password and I get an error indicating the
my I/O flags are not appropriate. This is a Windows application so tty
settings and I/O setting are not really applicable. Is there another way to
get a set of credentials given a user name and password? Ideally I would
like a gss_cred_id_t handle of the credentials but right now I would take
anything.
Thank you for your suggestions.
Kevin
More information about the Kerberos
mailing list