Multiple KDC's realm heuristic for KRB5CCNAME=DIR:/tmp/mydir/ ccache not working
ghudson at mit.edu
Thu Jul 26 12:05:38 EDT 2018
On 07/26/2018 11:54 AM, Martin Gee wrote:
> I'm assuming *gss_spn_name +* GSS_C_BOTH is exercising both env variables?
Yes. GSS_C_BOTH asks for both client and server credentials in the
resulting cred. The client side of the cred uses $KRB5_CLIENT_KTNAME
(or the "client_keytab" key in gss_acquire_cred_from()) as well as the
$KRB5CCNAME (or the "ccache" key), while the server side uses
$KRB5_KTNAME (or the "keytab" key).
I get that you are working from t_s4u at the moment, and that program
does an init_sec_context and accept_sec_context to itself for testing
purposes. But I would guess that your actual application should not
need to call accept_sec_context(), so you can probably acquire the cred
with GSS_C_INITIATE and not bother with $KRB5_KTNAME.
More information about the krbdev