using multiple credential cache files in a server
Rick Macklem
rmacklem at uoguelph.ca
Fri Apr 23 16:26:38 EDT 2004
A gssd daemon for an NFS client needs to be able to use the GSS API call
gss_init_sec_context() on behalf of different users (uids). I can see two
ways of doing this:
1 - fork off a separate child that does setuid(user_uid) to get context for
that user (seems inefficient)
OR
2 - Get Initiator credentials for the principal and use those in the
gss_init_sec_context() call. This seems preferable, but requires that
the server switch to the credentials cache file for the appropriate uid
associated with that principal. (At least it seems that a credentials
cache file with the correct tgt is required to get Initiator Credentials.)
This leads me to my question:
How do you get the Kerberos libraries to switch to a different credential cache
file whenever you want to get Initiator Credentials for a different uid?
Thanks in advance for any help, rick
More information about the Kerberos
mailing list