Credential Cache for multiple client principal names
Rick van Rein
rick at openfortress.nl
Wed Jun 29 10:15:11 EDT 2016
Hello,

I'm trying to create [1] a mechanism to be used from multiple client
principal names, each with their own service tickets. Secure separation
between the identities is not an issue.

It is not clear to me how to do this. I suspect I should use
DIR:/var/mytool and perhaps KEYRING: on Linux, but it is not clear if
I'm supposed to read and write tickets (including krbtgt) for various
client principal names in the same cache, or that I should instead
iterate it as a credential cache collection, and prod each credentials
cache for the (default) client principal name and add a new one to the
collection if I need it.

Can you help me, or perhaps show me some examples that do this?

Thanks,
-Rick

[1] I'm working on a "TLS Pool" daemon [2] that takes TLS logic away
from applications and that will incorporate a mode for Kerberos [3].

[2] http://tlspool.arpa2.net

[3] https://tools.ietf.org/html/draft-vanrein-tls-kdh-04