Using different cred cache files

Rick Macklem rmacklem at uoguelph.ca
Mon Apr 12 16:54:13 EDT 2004


Does anyone out there know how to tell the KerberosV libraries to switch
from one cred. cache file to a different one? (I am not referring to using
the environment variable to change the default name.)

Why do I need to do this?

A gssd daemon for nfs needs to get Initiator Credentials for different
users (principals), so that it can do a gss_init_sec_context() for that
principal. To get Initiator credentials, it must use the cred. cache
file for that uid. Normally, a process would be that effective uid and
everything would work. (The problem with doing that in this case is that
a new daemon process would have to be forked for each request, so it could
setuid() and then exit after getting the security context.)

I'd rather have the gssd not have to fork. I can create the appropriate
principal (and access any cred cache file, since the gssd is running as root),
but I need to know how to get the library to switch to the correct cred. cache
file.

Thanks in advance for any help, rick
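
An added example, not part of the original post: because the gssd described above runs as root and can open any cred cache file, a check like this confirms that the file really belongs to the uid being served before it is handed to the library. The /tmp directory, the krb5cc_<uid> file name and both function names are assumptions made for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Build "<dir>/krb5cc_<uid>". The krb5cc_<uid> naming is an assumed
 * convention; the post does not say how the cache files are named. */
int ccache_path_for_uid(const char *dir, uid_t uid, char *out, size_t outlen)
{
    int n = snprintf(out, outlen, "%s/krb5cc_%lu", dir, (unsigned long)uid);
    return (n > 0 && (size_t)n < outlen) ? 0 : -1;
}

/* Open the cache read-only and return the fd only if it is a regular file,
 * owned by uid, with no group/other permission bits. Returns -1 otherwise.
 * O_NOFOLLOW refuses a symlink at the final path component, and fstat() on
 * the open fd checks the same file that was opened (no lstat/open race). */
int open_ccache_checked(const char *path, uid_t uid)
{
    struct stat st;
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);

    if (fd < 0)
        return -1;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != uid || (st.st_mode & (S_IRWXG | S_IRWXO)) != 0) {
        close(fd);
        return -1;
    }
    return fd;
}

int main(void)
{
    char path[256];
    uid_t uid = getuid();   /* a daemon would use the requesting user's uid */

    if (ccache_path_for_uid("/tmp", uid, path, sizeof path) != 0)
        return 1;
    int fd = open_ccache_checked(path, uid);
    printf("%s: %s\n", path, fd >= 0 ? "accepted" : "rejected");
    if (fd >= 0)
        close(fd);
    return 0;
}
```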

