Setting default key table file for Kerberos server

Vipul Mehta vipulmehta.1989 at gmail.com
Wed Mar 6 08:23:18 EST 2013


Thanks Greg, I tried them and both methods worked fine, though the second
one looks better for multiple server threads with different service
principals.



On Tue, Mar 5, 2013 at 11:11 PM, Greg Hudson <ghudson at mit.edu> wrote:

> On 03/05/2013 06:46 AM, Vipul Mehta wrote:
> > I found a function, krb5_init_creds_set_keytab(), in the
> > documentation which might solve my problem. But I am not able to
> > understand its use and the meaning of the krb5_init_creds_context
> > argument in this function.
>
> That's probably not what you want, since you are accepting a security
> context and that function is part of a suite of functions for getting
> initial credentials.
>
> If your server is using GSSAPI, you have a couple of options for
> specifying the location of the krb5 keytab:
>
> 1. Call krb5_gss_register_acceptor_identity(keytabname).  This extension
> is present in MIT krb5 and Heimdal, and sets a thread-specific variable
> which is used as the keytab name.
>
> 2. Get your acceptor credentials with
> "gss_krb5_import_cred(&minor_status, NULL, princ, keytab, &cred)", where
> princ is a krb5_principal and keytab is a krb5_keytab.  This extension
> is present in MIT krb5 (since 1.9, so it won't be in KfW 3.x) and Heimdal.
>
> In krb5 1.11 we have gss_acquire_cred_from, which provides a
> mechanism-neutral way to specify the locations of things like keytabs,
> but that's too new to be in any KfW release.
>
>


-- 
Regards,
Vipul

