Kerberos environment under windows
Christopher D. Clausen
cclausen at acm.org
Thu Feb 1 09:49:28 EST 2007
I don't know to do this from C code, but I generally kinit -kt
\path\to\keytab principal/instace at realm and then run the app as needed.
No need to additionaly code in keytab support into the app.
<<CDC
Peger, Daniel Heinrich <dpeger at cosa.de> wrote:
> Hi,
>
> actually I'm trying to write a C app (similar to the sample gss-client
> and gss-server) that should use the test realm instead of the real
> Windows Domain based realm. Where do I have to put the krb5.ini? I
> copied it to %SystemRoot% but it doesn't seem to be recognized...
>
> Hitherto my code looks like:
>
> srv_name = "test-service at myhost";
>
> srv_name_buff.value = srv_name;
> srv_name_buff.length = strlen(srv_name);
>
> maj_stat = gss_import_name(&min_stat, &srv_name_buff,
> (gss_OID) gss_nt_service_name,
> &srv_gss_name);
>
> maj_stat = gss_display_name(&min_stat, srv_gss_name,
> &srv_name_buff,
> (gss_OID *) NULL);
>
> printf("srv_name = %s\n", (char*) srv_name_buff.value);
>
> And the output of this snippet is:
>
> srv_name = test-service/myhost at MY.WINDOWS.DOMAIN.REALM
>
> But in %SystemRoot%\krb5.ini I set the default realm to
> MY.KRBTEST.REALM...
>
> Additionally I need a way to specify the keytab file used to lookup
> the
> pass for test-service. Is there another way than specifying
> default_keytab_file in the krb5.ini? And how do I tell my programm to
> use the keytab to acquire the service credentials?
More information about the Kerberos
mailing list