Kerberos environment under windows

Christopher D. Clausen cclausen at acm.org
Thu Feb 1 09:49:28 EST 2007


I don't know to do this from C code, but I generally kinit -kt 
\path\to\keytab principal/instace at realm and then run the app as needed. 
No need to additionaly code in keytab support into the app.

<<CDC

Peger, Daniel Heinrich <dpeger at cosa.de> wrote:
> Hi,
>
> actually I'm trying to write a C app (similar to the sample gss-client
> and gss-server) that should use the test realm instead of the real
> Windows Domain based realm. Where do I have to put the krb5.ini? I
> copied it to %SystemRoot% but it doesn't seem to be recognized...
>
> Hitherto my code looks like:
>
>     srv_name = "test-service at myhost";
>
>     srv_name_buff.value = srv_name;
>     srv_name_buff.length = strlen(srv_name);
>
>     maj_stat = gss_import_name(&min_stat, &srv_name_buff,
>         (gss_OID) gss_nt_service_name,
>         &srv_gss_name);
>
>     maj_stat = gss_display_name(&min_stat, srv_gss_name,
> &srv_name_buff,
>               (gss_OID *) NULL);
>
>     printf("srv_name = %s\n", (char*) srv_name_buff.value);
>
> And the output of this snippet is:
>
>     srv_name = test-service/myhost at MY.WINDOWS.DOMAIN.REALM
>
> But in %SystemRoot%\krb5.ini I set the default realm to
> MY.KRBTEST.REALM...
>
> Additionally I need a way to specify the keytab file used to lookup
> the
> pass for test-service. Is there another way than specifying
> default_keytab_file in the krb5.ini? And how do I tell my programm to
> use the keytab to acquire the service credentials? 





More information about the Kerberos mailing list