Kerberos ticket re-new and gss context

sam sharma sam.sharma at gat.com
Mon Apr 14 20:12:21 EDT 2008


I hope this is the right e-mail address to write development related
questions.

 

I am using MIT krb5_get_init_creds_password() to get a Kerberos credential
from the KDC and storing the credential into a local credential cache file. I
set the same credential cache file name for the GSS APIs using
gss_krb5_ccache_name(). gss_acquire_cred() is able to acquire the
Kerberos credentials from the stored credential cache file, and
gss_init_sec_context() and gss_accept_sec_context() work fine.

 

Now I need to understand and program the Kerberos ticket renewal feature in
my application so that my application's long-running client and server
programs can renew the Kerberos tickets.

 

Let me explain my architecture a little bit more:

 

1. Client: gets the credential from KDC using password

2. Client: stores the credential into a local cache file

3. Client: sets the credential cache file name gss_krb5_ccache_name for gss apis
   Server: sets the keytab file location gsskrb5_register_acceptor_identity() for gss apis

4. Client: gss_acquire_cred() at client side

5. Client: gss_init_sec_context()
   Server: gss_accept_sec_context()

 

 

After I renew the Kerberos credential and store it into the local Kerberos
cache file, do I need to call gss_acquire_cred() and gss_init_sec_context(),
gss_accept_sec_context() again at the client and server?

 

If anyone can point me in the right direction here, I will appreciate that.

 

SAM SHARMA

 



