using multiple credential cache files in a server
Sam Hartman
hartmans at MIT.EDU
Thu May 6 19:05:04 EDT 2004
>>>>> "Alexandra" == Alexandra Ellwood <lxs at MIT.EDU> writes:
Alexandra> You can do the same thing in MIT Kerberos with the
Alexandra> function OM_uint32 KRB5_CALLCONV gss_krb5_ccache_name
Alexandra> (OM_uint32 *minor_status, const char *name, const char
Alexandra> **out_name);
Alexandra> which allows you to set and/or get the cache name used
Alexandra> by the GSSAPI. It lives in <gssapi/gssapi_krb5.h>.
But you should not do so in a gssd.
Really, if you don't understand the issues involved in symlink races,
setuid programming and other UNix security issues, you should not take
on writing a gssd as your first project.
--Sam
More information about the Kerberos
mailing list