Kerberos environment under windows

[Peger, Daniel Heinrich]

Hi,

actually I'm trying to write a C app (similar to the sample gss-client
and gss-server) that should use the test realm instead of the real
Windows Domain based realm. Where do I have to put the krb5.ini? I
copied it to %SystemRoot% but it doesn't seem to be recognized...

Hitherto my code looks like:

    srv_name = "test-service at myhost";

    srv_name_buff.value = srv_name;
    srv_name_buff.length = strlen(srv_name);
	
    maj_stat = gss_import_name(&min_stat, &srv_name_buff,
	        (gss_OID) gss_nt_service_name,
	        &srv_gss_name);

    maj_stat = gss_display_name(&min_stat, srv_gss_name, &srv_name_buff,
              (gss_OID *) NULL);

    printf("srv_name = %s\n", (char*) srv_name_buff.value);

And the output of this snippet is:

    srv_name = test-service/myhost at MY.WINDOWS.DOMAIN.REALM

But in %SystemRoot%\krb5.ini I set the default realm to
MY.KRBTEST.REALM...

Additionally I need a way to specify the keytab file used to lookup the
pass for test-service. Is there another way than specifying
default_keytab_file in the krb5.ini? And how do I tell my programm to
use the keytab to acquire the service credentials?

Best Regards,
Daniel.

-----Original Message-----
From: Christopher D. Clausen [mailto:cclausen at acm.org] 
Sent: Thursday, February 01, 2007 3:12 AM
To: Peger, Daniel Heinrich; kerberos at mit.edu
Subject: Re: Kerberos environment under windows

Peger, Daniel Heinrich <dpeger at cosa.de> wrote:
> How do I tell a C/C++ (using GSSAPI) app what my current kerberos
> environment is? For testing purposes I don't want to use the standard
> environment but authenticate against a test kerberos setup, which
> needs to be specified somwhere.

Edit the krb5.ini file and specify your test realm,  Then just kinit to 
a user in that realm before starting putty.  No need to do anything in 
C.

<<CDC
 
E-Mail Disclaimer 
 
Aus Rechts- und Sicherheitsgruenden ist die in dieser E-Mail gegebene 
Information nicht rechtsverbindlich. Eine rechtsverbindliche Bestaetigung 
reichen wir Ihnen gerne auf Anforderung in schriftlicher Form nach. 
Beachten Sie bitte, dass jede Form der unautorisierten Nutzung, 
Veroeffentlichung, Vervielfaeltigung oder Weitergabe des Inhalts dieser 
E-Mail nicht gestattet ist. Diese Nachricht ist ausschliesslich fuer 
den bezeichneten Adressaten oder dessen Vertreter bestimmt. Sollten Sie 
nicht der vorgesehene Adressat dieser E-Mail oder dessen Vertreter sein, 
so bitten wir Sie, sich mit dem Absender der E-Mail in Verbindung zu setzen.


For legal and security reasons the information provided in this e-mail is not 
legally binding. Upon request we would be pleased to provide you with a legally 
binding confirmation in written form. Any form of unauthorised use, publication, 
reproduction, copying or disclosure of the content of this e-mail is not permitted. 
This message is exclusively for the person addressed or their representative. 
If you are not the intended recipient of this message and its contents, please 
notify the sender immediately.