does krb5_cc_get_name return a credentials cache name on a Macintosh?

Michael Dautermann dautermann at mac.com
Thu Nov 6 19:51:47 EST 2003 

Hi all,

I've done a pretty thorough search on Google groups and via the mailing 
list archives and didn't find any clues, so I'm going to post here and 
hope that any answer helps me and maybe somebody else down the line.

I've got a function in some KX509 code I'm working on that is checking 
to see if a token is valid.  The first few lines are attached below.

My calls to krb5_cc_get_name returns a filename of '0' and the length 
of the filename is 1 character.  I can see my valid credentials looking 
in the Kerberos Manager, so it's not that I don't have tickets.  On a 
UN*X machine, I know the ticket cache is hiding in the /tmp directory, 
but where's the cache hiding on a Macintosh?  Or should we be doing 
something entirely different to determine whether or not our tokens are 
valid?

B.T.W. which is better for posting questions like this to: the 
newsgroup comp.protocols.kerberos or the mailing list?  the search 
function for the mailing list archives is somewhat clunky... try 
searching back 1000 articles and you'll see a browser time out before a 
response comes back.

thanks,

michael

int checkTokenValidity_KRB5()
{
	struct stat			statbuf;
	krb5_context		k5_context;
	krb5_ccache		cc;
	krb5_creds		match_creds, creds;
	krb5_error_code	k5_rc;

	static int			last_result = 0;
	static time_t		cc_modtime;
	char 				cc_name[64];
	
	memset(&match_creds, '\0', sizeof(match_creds));
	cc_name[0] = 0;

	/* determine the credentials cache name */
	if ( k5_rc = krb5_init_context(&k5_context)) {
		log_printf( "krb5_init_context returned an error code of %d\n", k5_rc 
);
	}
	if( k5_rc = krb5_cc_default(k5_context, &cc)) {
		log_printf( "krb5_cc_default returned an error code of %d\n", k5_rc );
	}
	log_printf( "krb5_cc_get_name length is %d\n", strlen( 
krb5_cc_get_name(k5_context, cc)));
	strcpy( cc_name, krb5_cc_get_name(k5_context, cc));
	krb5_free_context(k5_context);
	if (stat(cc_name, &statbuf)) {
		log_printf("checkTokenValidity_KRB5: Stat of %s failed\n",cc_name);
		return(last_result = 0);
	}
}

More information about the krbdev mailing list