On credential cache separation between service ticket and TGT

Greg Hudson ghudson at MIT.EDU
Wed Mar 5 11:42:38 EST 2014


On 03/05/2014 10:55 AM, Arpit Srivastava wrote:
> That is the problem now. How to separate service tickets from the TGT so
> as to copy it (only) to the different cache ? It would be great if you
> can give some pointers. 

1. Open the original ccache with krb5_cc_resolve.
2. Retrieve the service cred with krb5_cc_retrieve_cred.
3. Close the original ccache with krb5_cc_close.
4. Open the new ccache with krb5_cc_resolve.
5. Initialize the new ccache with krb5_cc_initialize.
6. Store the previously obtained cred with krb5_cc_store_cred.
7. Close the new ccache with krb5_cc_close.
8. Release the service cred with krb5_free_cred_contents.

Documentation for these functions is at:

  http://web.mit.edu/kerberos/krb5-latest/doc/appdev/refs/api/index.html

If you have to iterate over the source ccache to find the service ticket
because krb5_cc_retrieve_cred won't work for you, use
krb5_cc_start_seq_get, krb5_cc_next_cred, and krb5_cc_end_seq_get.


More information about the Kerberos mailing list