Automatic Prompting for Tickets on Windows

[Kevin Coffman]

I just discovered that we have an application using the private 
function gss_krb5_ccache_name().  I'm trying to remove the requirement 
to link directly with the MIT gssapi_krb5.{a,so} library and link only 
with a stand-alone mechanism-switching gssapi library. (Based on the 
mechglue code in the MIT release.)

Does setting the KRB5CCNAME environment variable provide *equivalent* 
funcionality to the use of this private function?


Thanks!
K.C.


> Jeffrey Altman wrote:
>
> > Alexandra Ellwood wrote:
> >
[ snip ]
> 
> >  As you might have noticed, Fetch and some other GSSAPI applications on
> >  the Mac don't actually have this behavior.  The reason for this is
> >  that they can work around the problem by using the private API
> >  gss_krb5_ccache_name() to manually reset the ccache name in GSSAPI's
> >  krb5_context.  The problem is, gss_krb5_ccache_name() is a private API
> >  -- not even part of the GSSAPI C Bindings -- and really should be
> >  avoided.
> 
> There does need to be a mechanism which allows a GSSAPI application to
> specify which ccache it wants to use.  If that is not performed by a
> private function, then it must be done via the environment variable:
> KRB5_ENV_CCNAME.
> 
> >  So after talking to the rest of the team, we agreed that we should fix
> >  this problem for 1.3.2 so that Windows doesn't end up with the same
> >  private API usage that we have on the Mac.
> 
> Unlike on the Mac, Windows does not yet have support for managing
> multiple ccache's in the Leash Ticket Manager.  This functionality will
> not be added until the KfW 3.0 release.  I am not sure that we have to
> push a fix through for the KfW 2.5.1 (Krb5 1.3.2) release.