[krbdev.mit.edu #7597] gss_acquire_cred_from can't specify client keytab for initiation

Simo Sorce via RT rt-comment at krbdev.mit.edu
Thu Mar 28 17:10:16 EDT 2013


In 1.11 2 new features were implemented:
- Cred Store extensions
and
- Keytab Initiation.

The Keytab Initiation goal is to be able to use a client keytab to
automatically obtain TGTs at init_sec_context time.

The Cred Store API goal is to be able to provide credential information
programmatically without depending on global variables, and it can
construct credentials specifying a custom ccache and a custom keytab for
accepting security contexts, but not for initiating security context in
conjunction with the Keytab Initiation feature as there is no URI defined
to pass in a client keytab.

The attached patch adds a new Cred Store type named "client_keytab" to
the 2 available ones ("keytab" and "ccache") and wires
gss_acquire_cred_from in the krb5 mechanism to initialize the
credentials client keytab with the specified client_keytab allowing
gss_init_sec_context to perform Keytab Initiation.

