multiple gss_init_sec_context within a process

Shanky rshanky at
Wed Feb 5 11:07:26 EST 2003

I am using MIT Kerberos 1.2.6.

I am writing an application which does multiple gss_init_sec_context on 
behalf of various kerberos principals / unix users (basically the 
application does a setuid)  and also as different users (like 
uid=101,102). The application would do a setuid to appropriate user id 
(and let us assume the credentials has been already obtained by that 

Now the problem I hit is that I am not able to do a gss_init_sec_context 
for a different user once the first gss_init_sec_context has been called 

The problem I believe is that the default credential cache has already 
been setup during the first call and the same is being returned for 
subsequent init_sec_context. This is  because the kg_context 
(krb5_context) defined as static in the gssapi_krb5.c  and has already 
been initialized. Is there any consequence of making this a global and 
if we do a gss_release_cred before the next gss_init_sec_context to 
clear this default context out.

Or please let me know if I am missing something.



More information about the Kerberos mailing list