Learning Kerberos for development

letz.yaara letz.yaara at gmail.com
Wed Aug 21 05:27:45 EDT 2013


I'm using libkrb5, on Linux.
I have a few issues which I'm struggling with, can you please help me
understand or redirect me to some documentation:

1 - When *gss_acquire_cred* returns major error *GSS_S_FAILURE*, how do I
parse the minor mechanism error? *gss_display_status* returns an *empty
string* (and I can't find the code anywhere else).
2 - In what use case scenarios do I have multiple messages to be processed by
*gss_display_status* (in which I need to call gss_display_status again
according to the message_context argument)?
3 - *gss_acquire_cred* - where does it keep its cred cache? (not
/tmp/krb5cc_something) and if I'm calling this function again - will it use the
cached credentials?
4 - *gsskrb5_register_acceptor_identity* - can I use this function instead
of setting the environment variable *KRB5_KTNAME*? (not using
/etc/krb5.conf at all)
5 - In *gss_acquire_cred* - *time_rec* argument is described as "The number
of seconds for which the credential will remain valid. *If the time
remaining is not required*, specify NULL for this parameter." --> what does
it mean "*If the time remaining is not required*"? Can my cached
credentials be indefinitely valid? (Basically I want to know in advance
when my credentials are expired and how do I control this date while
creating the keytab)

Thank you in advance,
Yaara



Sent from Yaara's phone

On 20 Aug 2013, at 21:57, Benjamin Kaduk <kaduk at MIT.EDU> wrote:

On Tue, 20 Aug 2013, Yaara wrote:

Hi, where would you recommend me to go in order to implement Kerberos or
SSPI in a software!

Thank you!


Hi Yaara,

I'm a bit reluctant to give advice without a better sense of what you are
trying to do, as the answers would be vastly different depending on whether
you want to produce an implementation of the Kerberos protocol, use
Kerberos to provide authentication for an existing application, or
something else.  Can you share more about what you would like to do?

-Ben Kaduk

