GSSAPI Question
Greg Hudson
ghudson at MIT.EDU
Fri Nov 27 17:49:14 EST 2009
On Wed, 2009-11-25 at 16:12 -0500, Shirish Rai wrote:
> I have looked at the code a bit and it seem GSS creates a new KRB context.
> Is there a way to tell GSS to use an existing context and/or ccache. I tried
> this with the gss_krb5_ccache_name API. But that did not change anything.
There's no way to make it use an existing context, but that should not
be necessary. gss_krb5_ccache_name should make it use an existing
ccache.
> I guess there must be a way to only user GSSAPI as well. If that is the
> correct way to go about his, is there an example I can look at.
GSSAPI does not currently have a way to acquire initial credentials (in
current MIT krb5, at least; I believe there are extensions unde
consideration for the future). So you have the right general approach.
I think what's tripping you up is that krb5_get_init_creds_password
doesn't store the resulting credential in a ccache. You need to
explicitly store my_creds into the default ccache or into one you create
for this purpose.
More information about the krbdev
mailing list