KFM function to chg active user
lxs at MIT.EDU
Wed Apr 25 14:59:37 EDT 2007
If by active user you mean the ccache corresponding to the Kerberos
principal you want to use, then you want KLSetSystemDefaultCache:
Note that this function changes the default credentials cache for all
applications running as the user. This can result in strange
behavior from the user's perspective (such as applications that
periodically use credentials suddenly failing) and should probably be
avoided in most circumstances.
If you only want the credentials to change for your specific
application then you want to use the krb5 or GSSAPI functions to
manually select a particular ccache. You can call
KLAcquireInitialTickets (or if you don't want to obtain new
credentials, KLCacheHasValidTickets) to obtain the name of the ccache
containing credentials for a particular principal. Then just pass
that ccache name into krb5_cc_set_default_name or
gss_krb5_ccache_name to set the krb5 or GSSAPI default ccache for
just your application. Which function you use depends on whether
your application makes use of the krb5 apis or GSSAPI.
On Apr 25, 2007, at 1:28 PM, Jim Brown wrote:
> I need to programmatically change the active user from a AD realm to
> a non-AD realm. Reviewing the documentation at:
> didn't show anything that dealt directly with the active user.
> Does anyone know if this exists???
> krbdev mailing list krbdev at mit.edu
Alexandra Ellwood <lxs at mit.edu>
MIT Kerberos Development Team
More information about the krbdev