Service Ticket Questions

Wed Mar 15 18:49:50 EST 2006

On Mar 15, 2006, at 9:04 AM, krbdev-request at mit.edu wrote:
> Date: Wed, 15 Mar 2006 11:12:43 -0500
> From: Ken Hornstein <kenh at cmf.nrl.navy.mil>
> Subject: Re: Service Ticket Questions
> To: krbdev at mit.edu
> Message-ID: <200603151612.k2FGCg8n003011 at ginger.cmf.nrl.navy.mil>
>
>>>> You could also just never store the service ticket into the ccache.
>>>
>>> You know, I looked at that ... and maybe I missed it, but I couldn't
>>> see how to do that with the "public" API.
>>
>> Create and use a memory ccache.  If you like the results, copy the
>> credentials you are interested in into the "real" ccache.
>
> That _was_ one of my original suggestions.  It will just involve a  
> lot of
> messing around if you want to handle all of the corner cases (e.g.,
> if you're doing cross-realm, do you copy in all of the cross-realm
> TGTs?  What if it fails?).  Maybe that isn't really an issue for
> this application.
>
> --Ken

I don't think the "messing around" is an issue.  I'm worried about a  
failure for a specific service, so I don't care about cleaning up  
tgt's.  In fact I'd specifically want to leave them around, because  
other services might need them.  Just want something that will work  
today (MacOS 10.3 through Leopard).

Is it as simple as this (Sam's suggestion)?

/* krb5_get_init_creds_password already done. */

krb5_get_credentials(ctx, x, ccache, x, &creds);

/* Do other stuff. */

if (other stuff worked)
	krb5_cc_store_cred(ctx, ccache, &creds)

Presuming this is right, the next question is if I can do all the  
"other stuff" without having the creds in a ccache.  If not, then  
what calls do I use to copy ccache entries (Ken's suggestion)?

I'm reading this thread from the digest, so excuse the delay in  
responding.
------------------------------------------------------------------------ 
----
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz at jpl.nasa.gov, or hbhotz at oxy.edu