KFM function to chg active user

[Alexandra Ellwood]

If by active user you mean the ccache corresponding to the Kerberos  
principal you want to use, then you want KLSetSystemDefaultCache:
<http://web.mit.edu/macdev/KfM/KerberosFramework/KerberosLogin/ 
Documentation/API.html#KLSetSystemDefaultCache>.

Note that this function changes the default credentials cache for all  
applications running as the user.  This can result in strange  
behavior from the user's perspective (such as applications that  
periodically use credentials suddenly failing) and should probably be  
avoided in most circumstances.

If you only want the credentials to change for your specific  
application then you want to use the krb5 or GSSAPI functions to  
manually select a particular ccache.  You can call  
KLAcquireInitialTickets (or if you don't want to obtain new  
credentials, KLCacheHasValidTickets) to obtain the name of the ccache  
containing credentials for a particular principal.  Then just pass  
that ccache name into krb5_cc_set_default_name or  
gss_krb5_ccache_name to set the krb5 or GSSAPI default ccache for  
just your application.  Which function you use depends on whether  
your application makes use of the krb5 apis or GSSAPI.


On Apr 25, 2007, at 1:28 PM, Jim Brown wrote:

> I need to programmatically change the active user from a AD realm to
> a non-AD realm. Reviewing the documentation at:
>
> web.mit.edu/macdev/KfM/KerberosFramework/KerberosLogin/Documentation/
> API.html
>
> didn't show anything that dealt directly with the active user.
>
> Does anyone know if this exists???
>
> TIA
> _______________________________________________
> krbdev mailing list             krbdev at mit.edu
> https://mailman.mit.edu/mailman/listinfo/krbdev

--lxs

Alexandra Ellwood <lxs at mit.edu>
MIT Kerberos Development Team
<http://mit.edu/lxs/www>