GSSAPI Question

Greg Hudson ghudson at MIT.EDU
Fri Nov 27 17:49:14 EST 2009

On Wed, 2009-11-25 at 16:12 -0500, Shirish Rai wrote:
> I have looked at the code a bit and it seem GSS creates a new KRB context.
> Is there a way to tell GSS to use an existing context and/or ccache. I tried
> this with the gss_krb5_ccache_name API. But that did not change anything. 

There's no way to make it use an existing context, but that should not
be necessary.  gss_krb5_ccache_name should make it use an existing

> I guess there must be a way to only user GSSAPI as well. If that is the
> correct way to go about his, is there an example I can look at.

GSSAPI does not currently have a way to acquire initial credentials (in
current MIT krb5, at least; I believe there are extensions unde
consideration for the future).  So you have the right general approach. 

I think what's tripping you up is that krb5_get_init_creds_password
doesn't store the resulting credential in a ccache.  You need to
explicitly store my_creds into the default ccache or into one you create
for this purpose.

More information about the krbdev mailing list