[30746] in Kerberos
Establishing client credentials (TGT etc.) with GSSAPI
daemon@ATHENA.MIT.EDU (Chris)
Fri Feb 20 17:28:57 2009
From: Chris <chriscorbell@gmail.com>
Date: Fri, 20 Feb 2009 13:24:06 -0800 (PST)
Message-ID: <873ae429-4e89-493b-9836-ebc3c6724318@33g2000yqm.googlegroups.com>
Mime-Version: 1.0
X-Complaints-To: groups-abuse@google.com
Complaints-To: groups-abuse@google.com
To: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
I'm working on implementing Kerberos authentication from a C++ client
to a Java service. The Java service wants a GSSAPI context.
Is it correct that, if you can't rely on default GSSAPI credentials
(i.e. login identity and pre-cached TGT), then a client should use
gss_acquire_credentials() to establish this? I have tried this but
haven't had success and just want to make sure I'm on the right path.
I need to be able to explicitly set the client principal, realm, and
KDC - not just rely on login and client machine configuration - and
obtain a TGT (whether from local cache or the AS, possibly with a
password prompt), and then use this to call gss_init_context() which I
expect to request the actual service ticket.
Is gss_acquire_credentials() the right call? Anyone know of any
sample code for this kind of explicit credentials configuration on the
client (i.e. gss_init_context) side?
TIA
- Chris
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
