The right way to kerberize a trinary service...

[Sam Hartman]

>>>>> "Everette" == Everette Gray Allen <Everette_Allen at ncsu.edu> writes:

    Everette> What I can do is pass either a text or binary "blob" in
    Everette> an options block from my application to the daemon who
    Everette> will then just hand it to my sending process when it is
    Everette> called.  My question is how to package the sgt so it can
    Everette> make the trip and be usable?  I really don't know enough
    Everette> about how forwardable or proxy tickets are meant to be
    Everette> used or how to reasonably "loan" tickets to local
    Everette> processes I want to trust.

You can use the krb5_mk_cred family of functions to create krb_cred
message.  This message carries a Kerberos ticket from one entity to
another.  The krb5_rd_cred message can decompose this message.