Can't acquire stored impersonated creds from cache
Greg Hudson
ghudson at mit.edu
Mon Sep 21 01:05:10 EDT 2015
On 09/20/2015 06:29 PM, Martin Gee wrote:
> On that note, it seems creds / tickets don't refresh either. I'm using
> gss_acquire_cred (to get the TGT). from: Developing with GSSAPI — MIT
> Kerberos Documentation
> <http://web.mit.edu/kerberos/krb5-latest/doc/appdev/gssapi.html>
> "If the krb5 mechanism acquires initial tickets using the default client
> keytab, the resulting tickets will be stored in the default cache or
> collection, and will be refreshed by future calls togss_acquire_cred
> <http://tools.ietf.org/html/rfc2744.html#section-5.2> as they approach
> their expire time."
> Seems the docs describe something that doesn't exist in the the code.
That functionality does exist, if the TGT was initially acquired using
gss_acquire_cred() with a client keytab. If you ran kinit -k by hand to
populate the ccache, those creds will not be automatically refreshed.
More information about the Kerberos
mailing list