One more question WRT gssapi...
jiva at devoesquared.com
Tue Jul 26 17:04:07 EDT 2005
Hmm, my tests do not bare this out...
Specifically, I find I MUST issue a kinit -t /etc/krb5.keytab service/
host at foo.com before attempting running my application which then does
Is this correct?
On Jul 21, 2005, at 6:22 PM, Matt Crawford wrote:
>> Must the account that a service is logged in as do a "kinit" as
>> the principal it intends to use prior to using the GSSAPI function
>> gss_acquire_cred ? Or is it sufficient to have the key for the
>> credential in question in the /etc/krb5.keytab file?
> No and yes.
>> In other words, must I do:
>> kinit -t /etc/krb5.keytab service/host at foo.com
>> ? or will gssapi handle it for me?
> No, and "sort of." The service never has to contact the KDC. Its
> "credential" is a very different thing than the client's.
PowerCard - Intuitive Project Management Software for Mac OS X
More information about the krbdev