Using KfM's credentials cache with Krb5 1.3 on OS X 10.2.6

Alexandra Ellwood lxs at MIT.EDU
Wed Aug 13 17:42:47 EDT 2003

>It turns out that not even Panther exposes enough stuff to do what I need.
>Then there's the issue of reverse DNS lookups.

What does Panther Kerberos lack that you need?

What specifically about reverse DNS lookups is causing you a problem?

Have you filed bugs with Apple about these issues?

>I don't see Panther's Kerberos framework working very well for my needs, and
>would like to have access to Kfm's credentials cache there as well.

How is the CCAPI and/or krb5_cc_* API insufficient for accessing 
credentials?  Or are you referring to the need to access credentials 
from another library that exports the Kerberos 5 API?

I should probably point out that CCAPI v3+ exports only *one* 
function "cc_initialize".  All other CCAPI v3+ functions are macros 
which dereference function pointers in the various types.

This means that if you wanted to write a krb5 implementation that 
uses CCAPI v3+, you only need to load one function pointer.  It's 
basically three Core Foundation calls, and you only need to do it in 
one place in the Kerberos code.

The reason the MIT Kerberos 1.3.x sources use CCAPI v2 is because 
Windows does not currently support CCAPI v3+.

Hope this helps,

Alexandra Ellwood                                               <lxs at>
MIT Information Systems                     

More information about the krbdev mailing list