getting a service ticket

Hua Ying Ling hyling-s3 at
Thu Nov 13 22:24:39 EST 2003

On Nov 13, 2003, at 6:08 PM, Alexandra Ellwood wrote:

>> Hi,
>> I'm looking for hints on how to get a service ticket( tgt may not 
>> exist ) and place it in a new CCache.
> Look at the sources for kvno (src/clients/kvno/kvno.c in the 
> krb5-1.3.1 sources) for sample code which gets a service ticket 
> manually from a TGT.   Note that if you are on Mac OS X and trying to 
> store a v4 service ticket you will need to call into the CCAPI rather 
> than the tf_*() APIs.
Thanks, this looks promising.
> Note that service tickets are usually automatically acquired when you 
> try to connect to a service.  Is there some reason you need to get a 
> service ticket manually (that isn't already covered by some other 
> utility such as kvno or aklog)?
We're trying to solve the problem where our CUPS backend which runs as 
root, can't access the users' credentials.  Our kludge for 
authenticated printing under Jaguar didn't survive into Panther.  In 
our new and improved kludge for Panther we're planning on getting the 
service ticket while still in the users' space as a Printer Dialog 
extension and writing this service ticket to /tmp.  Later in the CUPS 
backend we're reading this service ticket from /tmp then deleting the 
service ticket once the print job finishes.

~Hua Ying
Kerberos Newbie for life

More information about the krbdev mailing list