kvno and gss_init_sec_context
Greg Hudson
ghudson at MIT.EDU
Sun Oct 27 14:38:06 EDT 2013
On 10/27/2013 01:19 PM, Arpit Srivastava wrote:
> What difference does it makes, at protocol and message exchange level,
> by not doing kvno and directly calling gss_init_sec_context() api for
> getting the service ticket and the tokens ?
Just what you observed. If an appropriate service ticket is already
present in the ccache, gss_init_sec_context will use it; otherwise, it
will make a TGS request for the service ticket first.
kvno is not intended to be a normal part of using Kerberos; it is more
of an operational testing tool like ping or traceroute.
More information about the Kerberos
mailing list