Kerberos authetication against multiple Windows Domains
Markus Moeller
huaraz at moeller.plus.com
Wed Mar 25 20:09:01 EDT 2009
Here is a small program which you could use to test to get a service ticket.
If you do
# kinit markus at SUSE.HOME
Password for markus at SUSE.HOME:
# klist
Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: markus at SUSE.HOME
Valid starting Expires Service principal
03/25/09 23:44:21 03/26/09 09:44:21 krbtgt/SUSE.HOME at SUSE.HOME
renew until 03/26/09 23:44:21
Kerberos 4 ticket cache: /tmp/tkt1000
klist: You have no tickets cached
# ./get_service_ticket opensuse11.suse.home HTTP
# klist
Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: markus at SUSE.HOME
Valid starting Expires Service principal
03/25/09 23:44:21 03/26/09 09:44:21 krbtgt/SUSE.HOME at SUSE.HOME
renew until 03/26/09 23:44:21
03/25/09 23:44:32 03/26/09 09:44:21 HTTP/opensuse11.suse.home at SUSE.HOME
renew until 03/26/09 23:44:21
Kerberos 4 ticket cache: /tmp/tkt1000
klist: You have no tickets cached
# kdestroy
You should see that you got the service ticket in your credential cache.
Regards
Markus
#include <string.h>
#include <stdio.h>
#include <krb5.h>
#include <com_err.h>
int main(argc, argv)
int argc;
char *argv[];
{
krb5_creds creds;
krb5_creds *new_creds = 0;
krb5_error_code kret;
krb5_ccache ccache;
krb5_cc_cursor cursor;
krb5_context kcontext = 0;
krb5_get_init_creds_opt options;
krb5_principal *principal;
char* hostname;
char* service;
if (argc<3) {
fprintf(stderr, "Usage: %s hostname service\n",argv[0]);
return(1);
}
hostname = strdup(argv[1]);
service = strdup(argv[2]);
kret = krb5_init_context(&kcontext);
if (kret) {
com_err(argv[0], kret,
"while initialising context");
exit(1);
}
if ((kret = krb5_cc_default(kcontext, &ccache))) {
com_err(argv[0], kret,
"while initialising ccache");
exit(2);
}
if ((kret = krb5_cc_get_principal( kcontext, ccache, principal))) {
com_err(argv[0], kret,
"while initialising ccache");
exit(3);
}
if ((kret = krb5_cc_start_seq_get( kcontext, ccache, &cursor))) {
com_err(argv[0], kret,
"while initialising ccache");
exit(4);
}
if ((kret = krb5_cc_next_cred( kcontext, ccache, &cursor, &creds)))
{
com_err(argv[0], kret,
"while initialising ccache");
exit(5);
}
if ((kret = krb5_sname_to_principal(kcontext, hostname,
service, KRB5_NT_UNKNOWN,
&creds.server))) {
com_err(argv[0], kret,
"while initialising server creds");
exit(6);
}
if ((kret = krb5_get_credentials(kcontext, 0,
ccache, &creds, &new_creds))) {
com_err(argv[0], kret,
"while getting credentials");
exit(7);
}
}
More information about the Kerberos
mailing list