krb5-1.12.1 and client keytab file
squidmobile@fastmail.fm
Thu May 29 13:35:45 EDT 2014
29 may 2014
greetings,
many thanks to michael.
>Simply compile a recent version of MIT Kerberos, re-link your
>application and then do:
>$ export KRB5_CLIENT_KTNAME=<location> # e.g. $HOME/client.keytab
>$ app-with-gssapi-calls # in my case curl
i just noticed something. i run app-name, and not kinit?
i thought this was a two-step process: kinit and then app. i
expected to see kinit automagically obtain my tgt.
my failed logic ran:
kadmin -p my/admin
ktadd -k ./some.key.file my/principal
kdestroy
KRB5_CLIENT_KTNAME=./some.key.file kinit
at this point, kinit did what it wanted and not what i expected.
ummm. openldap does not directly play with gssapi. it uses
cyrus-sasl to play with gssapi. will cyrus-sasl pick this up?
time for some more tests...
>PS: Thanks for the devs making this feature happen
agreed. this is much simpler than i expected.
many thanks for the tip.
frank smith