Multiple principals in a single application

Bernardo Pastorelli berpast at
Wed May 8 03:05:05 EDT 2013

My application uses openldap and GSSAPI to connect to a remote LDAP server. GSSAPI leverages kerberos as the transport mechanism.

I want to authenticate multiple different users at the same time, but kinit allows me only to store a single principal in the kerberos cache (at least in the default FILE cache).

I read about using the DIR cache or setting environment variables to use different caches, one for each user. But I was wondering if it is possible to avoid all of this, and simply not have a cache, but maintain all the tickets in memory.
The idea is to create the tickets using the kerberos APIs, not storing them in cache but simply keeping them in my process memory. And then pass these tickets to the ldap functions to connect to the ldap server.

Is this possible? Is there any sample available?


More information about the Kerberos mailing list