multiple gss_init_sec_context within a process
Shanky
rshanky at yahoo.com
Wed Feb 5 11:07:26 EST 2003
I am using MIT Kerberos 1.2.6.
I am writing an application which does multiple gss_init_sec_context on
behalf of various kerberos principals / unix users (basically the
application does a setuid) and also as different users (like
uid=101,102). The application would do a setuid to appropriate user id
(and let us assume the credentials has been already obtained by that
user).
Now the problem I hit is that I am not able to do a gss_init_sec_context
for a different user once the first gss_init_sec_context has been called
successfully.
The problem I believe is that the default credential cache has already
been setup during the first call and the same is being returned for
subsequent init_sec_context. This is because the kg_context
(krb5_context) defined as static in the gssapi_krb5.c and has already
been initialized. Is there any consequence of making this a global and
if we do a gss_release_cred before the next gss_init_sec_context to
clear this default context out.
Or please let me know if I am missing something.
TIA,
S
More information about the Kerberos
mailing list