getting a service ticket
Hua Ying Ling
hyling-s3 at nc.rr.com
Thu Nov 13 22:24:39 EST 2003
On Nov 13, 2003, at 6:08 PM, Alexandra Ellwood wrote:
>> Hi,
>>
>> I'm looking for hints on how to get a service ticket( tgt may not
>> exist ) and place it in a new CCache.
>
> Look at the sources for kvno (src/clients/kvno/kvno.c in the
> krb5-1.3.1 sources) for sample code which gets a service ticket
> manually from a TGT. Note that if you are on Mac OS X and trying to
> store a v4 service ticket you will need to call into the CCAPI rather
> than the tf_*() APIs.
>
Thanks, this looks promising.
> Note that service tickets are usually automatically acquired when you
> try to connect to a service. Is there some reason you need to get a
> service ticket manually (that isn't already covered by some other
> utility such as kvno or aklog)?
>
We're trying to solve the problem where our CUPS backend which runs as
root, can't access the users' credentials. Our kludge for
authenticated printing under Jaguar didn't survive into Panther. In
our new and improved kludge for Panther we're planning on getting the
service ticket while still in the users' space as a Printer Dialog
extension and writing this service ticket to /tmp. Later in the CUPS
backend we're reading this service ticket from /tmp then deleting the
service ticket once the print job finishes.
~Hua Ying
Kerberos Newbie for life
More information about the krbdev
mailing list