Kerberos authentication against multiple Windows Domains

Markus Moeller huaraz at moeller.plus.com
Wed Mar 25 20:09:01 EDT 2009


Here is a small program which you can use to test whether you can obtain a service ticket.

If you do

# kinit markus at SUSE.HOME
Password for markus at SUSE.HOME:

# klist
Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: markus at SUSE.HOME

Valid starting     Expires            Service principal
03/25/09 23:44:21  03/26/09 09:44:21  krbtgt/SUSE.HOME at SUSE.HOME
        renew until 03/26/09 23:44:21


Kerberos 4 ticket cache: /tmp/tkt1000
klist: You have no tickets cached
# ./get_service_ticket opensuse11.suse.home HTTP
# klist
Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: markus at SUSE.HOME

Valid starting     Expires            Service principal
03/25/09 23:44:21  03/26/09 09:44:21  krbtgt/SUSE.HOME at SUSE.HOME
        renew until 03/26/09 23:44:21
03/25/09 23:44:32  03/26/09 09:44:21  HTTP/opensuse11.suse.home at SUSE.HOME
        renew until 03/26/09 23:44:21


Kerberos 4 ticket cache: /tmp/tkt1000
klist: You have no tickets cached
# kdestroy


You should see that you got the service ticket in your credential cache.

Regards
Markus


#include <string.h>
#include <stdio.h>
#include <krb5.h>
#include <com_err.h>

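/*
 * get_service_ticket hostname service
 *
 * Requests a service ticket for service/hostname using the credentials
 * already present in the default credential cache (run kinit first).
 * krb5_get_credentials() is given the cache handle, so on success the new
 * ticket should show up in `klist` output afterwards.
 *
 * Exit status: 0 on success, 1 for a usage error or a failed context
 * initialisation, 2-7 for a failure in the corresponding Kerberos call
 * (see the status assignments below).
 *
 * Fixes relative to the original listing:
 *  - krb5_cc_get_principal() was handed an uninitialised krb5_principal*,
 *    so the library wrote through a wild pointer; it now receives the
 *    address of a real krb5_principal.
 *  - the cache cursor is closed, the server principal taken from the cached
 *    credential is freed before being replaced, and all handles are released.
 *  - argv is used directly instead of unchecked strdup() copies.
 *  - each failure gets its own message instead of "while initialising ccache".
 *  - main returns an explicit status on every path.
 */
int main(int argc, char *argv[])
{
        krb5_context kcontext = NULL;
        krb5_ccache ccache = NULL;
        krb5_principal principal = NULL;
        krb5_cc_cursor cursor;
        krb5_creds creds;
        krb5_creds *new_creds = NULL;
        krb5_error_code kret;
        const char *hostname;
        const char *service;
        int status = 0;

        if (argc < 3) {
                fprintf(stderr, "Usage: %s hostname service\n", argv[0]);
                return 1;
        }
        hostname = argv[1];
        service = argv[2];

        /* Zeroed so the cleanup path can always free its contents safely. */
        memset(&creds, 0, sizeof creds);

        kret = krb5_init_context(&kcontext);
        if (kret) {
                com_err(argv[0], kret, "while initialising context");
                return 1;
        }

        kret = krb5_cc_default(kcontext, &ccache);
        if (kret) {
                com_err(argv[0], kret, "while resolving default ccache");
                status = 2;
                goto cleanup;
        }

        /* Fails if the cache has no default principal, i.e. no kinit yet. */
        kret = krb5_cc_get_principal(kcontext, ccache, &principal);
        if (kret) {
                com_err(argv[0], kret, "while reading ccache principal");
                status = 3;
                goto cleanup;
        }

        kret = krb5_cc_start_seq_get(kcontext, ccache, &cursor);
        if (kret) {
                com_err(argv[0], kret, "while opening ccache for reading");
                status = 4;
                goto cleanup;
        }

        /*
         * The first cached credential is used as the request template; only
         * its server field is replaced below, every other field is passed
         * through to krb5_get_credentials() unchanged.
         */
        kret = krb5_cc_next_cred(kcontext, ccache, &cursor, &creds);
        /* Best effort: a failure to close the cursor does not change the result. */
        (void)krb5_cc_end_seq_get(kcontext, ccache, &cursor);
        if (kret) {
                /* Do not trust a partially filled struct in the cleanup path. */
                memset(&creds, 0, sizeof creds);
                com_err(argv[0], kret, "while reading first ccache entry");
                status = 5;
                goto cleanup;
        }

        /* Release the cached entry's server name before overwriting it. */
        krb5_free_principal(kcontext, creds.server);
        creds.server = NULL;

        kret = krb5_sname_to_principal(kcontext, hostname, service,
                                       KRB5_NT_UNKNOWN, &creds.server);
        if (kret) {
                com_err(argv[0], kret, "while initialising server creds");
                status = 6;
                goto cleanup;
        }

        kret = krb5_get_credentials(kcontext, 0, ccache, &creds, &new_creds);
        if (kret) {
                com_err(argv[0], kret, "while getting credentials");
                status = 7;
                goto cleanup;
        }

cleanup:
        if (new_creds != NULL) {
                krb5_free_creds(kcontext, new_creds);
        }
        krb5_free_cred_contents(kcontext, &creds);
        if (principal != NULL) {
                krb5_free_principal(kcontext, principal);
        }
        if (ccache != NULL) {
                krb5_cc_close(kcontext, ccache);
        }
        krb5_free_context(kcontext);
        return status;
}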




