krb5-1.12.1 and client keytab file squidmobile at
Thu May 29 13:35:45 EDT 2014

29 may 2014


many thanks to michael.

>Simply compile a recent version of MIT Kerberos, re-link your 
>application and then do:

>$ export KRB5_CLIENT_KTNAME=<locatiion> # e.g. $HOME/client.keytab
>$ app-with-gssapi-calls # in my case curl

i just noticed something.  i run app-name, and not kinit?
i thought this was a two-step process:  kinit and then app.  i
expected to see kinit automagically obtain my tgt.

my failed logic ran:
  kadmin -p my/admin
    ktadd -k ./some.key.file  my/principal
  KRB5_CLIENT_KTNAME=./some.key.file kinit
at this point, kinit did what it wanted and not what i expected.

ummm.  openldap does not directly play with gssapi.  it uses
cyrus-sasl to play with gssapi.  will cyrus-sasl pick this up?
time for some more tests...

>PS: Thanks for the devs making this feature happen

agreed.  this is much simpler than i expected.

many thanks for the tip.
frank smith

-- - IMAP accessible web-mail

More information about the Kerberos mailing list