Getting ticket from the KDC in C

Ken Hornstein kenh at
Wed Jan 6 10:26:03 EST 2021

It should be noted that if your server is expecting a GSSAPI token, then
you should really be using the C GSSAPI mechanism, because the GSSAPI
Kerberos 5 mechanism is a Kerberos message wrapped with extra stuff, so
if you wanted to just use the raw Kerberos API, you'd need to add that
extra stuff around the Kerberos messages.

But to answer your question ... you are very close.

>    retval = krb5_get_credentials(context, 0, ccache, &inCreds, &outCreds);

After THIS, you need to generate a KRB_AP_REQ message; that's the
message a Kerberos client sends to an application server.  You can do
that with the functions krb5_mk_req() or krb5_mk_req_extended().  That
will generate a data blob you can send to your application server
however you want (where you will process it with krb5_rd_req()).  But
like I said, _IF_ your server is expecting a GSSAPI token you should
really use the GSSAPI to generate those.


More information about the krbdev mailing list