Creating GSSAPI initiate credential using keytab entry

Richard Evans richard.evans at datanomic.com
Mon Mar 8 05:00:34 EST 2010


I am attempting to use GSSAPI to connect to a remote service using a
keytab entry as the principal.

I believe that the gss_acquire_cred call requires a matching entry in
the credentials cache in order to get the TGT.

So I guess I would need to:

1. Use a KRB5 API call to get the credentials for the relevant keytab
entry
2. Store them in a temporary cache file (I don't want to mess with the
cache for the current user)
3. Set the KRB5CCNAME environment variable to point at this location
4. Call gss_acquire_cred to get the initiator credentials
5. Restore the previous value of KRB5CCNAME, if any
6. Delete the temporary cache file

Is there any example code which shows how to do this?  I've searched
around and not found much documentation in this area.  Also, can this
be done in a thread-safe way? I don't like the idea of temporarily
overriding an environment variable.

Any help would be appreciated.

Richard