Douglas E. Engert
deengert at anl.gov
Mon Apr 14 15:53:16 EDT 2003
Il-Sung Lee wrote:
> Does anyone know how to export/import credentials using GSS-API? I was
> hoping that there were APIs similar to
> gss_export_sec_context/gss_import_sec_context for use with credentials so
> that I could pass the delegated credentials from one process to another.
> As far as I can tell, the delegated credential is only available in the
> memory cache of the process accepting the context.
> Any suggestions would be appreciated.
There is a gss_export_cred and gss_import_cred defined. I have a
gss_export_cred for Kerberos, and the Globus GSI has both implemented.
In the past this was left up to the application, to bypass the GSS and
write out a Kerberos cache. The OpenSSH with GSSAPI is an example of this,
as is the MIT src/appl/gssftp/ftpd/ftpd.c ftpd_gss_convert_creds routine.
It eventually calls gss_krb5_copy_ccache. Then KRB5CCNAME env is normally set.
The next process would use gss_acquire_cred.
Douglas E. Engert <DEEngert at anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439