Handling credentials cache on Win32 without loading krbcc32s.exe?

Jeffrey Altman jaltman2 at nyc.rr.com
Mon Nov 28 23:27:26 EST 2005


ltcwong at msn.com wrote:
> Hi all,
> 
> I'm new to Kerberos, so please pardon me if I'm asking something very
> stupid or obvious...
> 
> Is it possible to use the MIT Kerberos v5 library without loading
> krbcc32s.exe?  It seems like it has to get loaded in order for the
> credentials cache library to work, but is it possible to use the rest
> of the library without creating a credentials cache?  i.e. let the
> application itself hold the Kerberos ticket.
> 
> Many methods in the MIT Kerberos v5 API require a krb5_ccache structure
> in their parameter list.  Is it possible to obtain Kerberos tickets and
> get authenticated etc, without using any of these methods?  Thanks a
> lot!
> 
> 
> Cheers,
> T.C.
> 

Instead of using the default "API:" ccache you can make use of a 
"MEMORY:" ccache.   This will not prevent the execution of krbcc32s.exe
as the server is started when the library is loaded.  However, it will
ensure that the credentials your application obtains are maintained
internal to the process.

It should be noted that the MIT team advises against applications 
prompting users to enter their credentials.  If this is an end user
application, it is preferable for the tickets to be obtained via the
provided ticket manager.   Leash32.exe in KFW 2.6.5.

Jeffrey Altman


More information about the Kerberos mailing list