using multiple credential cache files in a server

Sam Hartman hartmans at MIT.EDU
Thu May 6 19:05:04 EDT 2004


>>>>> "Alexandra" == Alexandra Ellwood <lxs at MIT.EDU> writes:

    Alexandra> You can do the same thing in MIT Kerberos with the
    Alexandra> function OM_uint32 KRB5_CALLCONV gss_krb5_ccache_name
    Alexandra> (OM_uint32 *minor_status, const char *name, const char
    Alexandra> **out_name);

    Alexandra> which allows you to set and/or get the cache name used
    Alexandra> by the GSSAPI.  It lives in <gssapi/gssapi_krb5.h>.

But you should not do so in a gssd.

Really, if you don't understand the issues involved in symlink races,
setuid programming and other Unix security issues, you should not take
on writing a gssd as your first project.

--Sam
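
Added example, not part of the original message and not MIT Kerberos code: the descriptor-level checks that the symlink-race concern above refers to, for a privileged daemon about to read a per-user credential cache file. The function name open_ccache_checked and the acceptance policy (owner-only mode, single hard link) are assumptions made for illustration.

```c
/* Added example: checks made on the open descriptor before a privileged
 * daemon trusts a per-user cache file. Names and policy are hypothetical. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Returns a read-only fd for path, or -1 with errno set, unless the file
 * is a plain, singly linked, owner-only file belonging to `owner`. */
int open_ccache_checked(const char *path, uid_t owner)
{
    struct stat st;
    /* O_NOFOLLOW: refuse a symlink as the final path component.
     * O_NONBLOCK: do not hang if a FIFO was planted under this name. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
    if (fd < 0)
        return -1;
    /* fstat() the descriptor, never stat() the name again: the name can
     * be swapped between a check and a later open. */
    if (fstat(fd, &st) != 0) {
        int e = errno;
        close(fd);
        errno = e;
        return -1;
    }
    if (!S_ISREG(st.st_mode) ||                      /* no device, FIFO, dir */
        st.st_uid != owner ||                        /* owned by the user served */
        st.st_nlink != 1 ||                          /* no extra hard links */
        (st.st_mode & (S_IRWXG | S_IRWXO)) != 0) {   /* owner-only permissions */
        close(fd);
        errno = EPERM;
        return -1;
    }
    return fd;
}

int main(int argc, char **argv)
{
    if (argc != 2) { fprintf(stderr, "usage: %s <ccache-file>\n", argv[0]); return EXIT_FAILURE; }
    int fd = open_ccache_checked(argv[1], getuid());
    if (fd < 0) { perror(argv[1]); return EXIT_FAILURE; }
    puts("accepted"); close(fd); return EXIT_SUCCESS;
}
```

These checks hold only for the descriptor that is returned; passing the same path name on to code that reopens the file by name brings the race back.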


