Setting default key table file for Kerberos server

Greg Hudson ghudson at MIT.EDU
Tue Mar 5 12:41:59 EST 2013


On 03/05/2013 06:46 AM, Vipul Mehta wrote:
> I found a function: *krb5_init_creds_set_keytab()* in the
> documentation which might solve my problem. But I am not able to understand
> its use and the meaning of *krb5_init_creds_context* argument in this
> function.

That's probably not what you want, since you are accepting a security
context and that function is part of a suite of functions for getting
initial credentials.

If your server is using GSSAPI, you have a couple of options for
specifying the location of the krb5 keytab:

1. Call krb5_gss_register_acceptor_identity(keytabname).  This extension
is present in MIT krb5 and Heimdal, and sets a thread-specific variable
which is used as the keytab name.

2. Get your acceptor credentials with
"gss_krb5_import_cred(&minor_status, NULL, princ, keytab, &cred)", where
princ is a krb5_principal and keytab is a krb5_keytab.  This extension
is present in MIT krb5 (since 1.9, so it won't be in KfW 3.x) and Heimdal.

In krb5 1.11 we have gss_acquire_cred_from, which provides a
mechanism-neutral way to specify the locations of things like keytabs,
but that's too new to be in any KfW release.


