[30929] in Kerberos
Re: Kerberos authetication against multiple Windows Domains
daemon@ATHENA.MIT.EDU (Markus Moeller)
Wed Mar 25 20:10:22 2009
To: kerberos@mit.edu
From: "Markus Moeller" <huaraz@moeller.plus.com>
Date: Thu, 26 Mar 2009 00:09:01 -0000
Message-ID: <gqeh33$dbu$1@ger.gmane.org>
Mime-Version: 1.0
X-Complaints-To: usenet@ger.gmane.org
In-Reply-To: <gqe914$m15$1@ger.gmane.org>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Here is a small program which you could use to test to get a service ticket.
If you do
# kinit markus@SUSE.HOME
Password for markus@SUSE.HOME:
# klist
Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: markus@SUSE.HOME
Valid starting Expires Service principal
03/25/09 23:44:21 03/26/09 09:44:21 krbtgt/SUSE.HOME@SUSE.HOME
renew until 03/26/09 23:44:21
Kerberos 4 ticket cache: /tmp/tkt1000
klist: You have no tickets cached
# ./get_service_ticket opensuse11.suse.home HTTP
# klist
Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: markus@SUSE.HOME
Valid starting Expires Service principal
03/25/09 23:44:21 03/26/09 09:44:21 krbtgt/SUSE.HOME@SUSE.HOME
renew until 03/26/09 23:44:21
03/25/09 23:44:32 03/26/09 09:44:21 HTTP/opensuse11.suse.home@SUSE.HOME
renew until 03/26/09 23:44:21
Kerberos 4 ticket cache: /tmp/tkt1000
klist: You have no tickets cached
# kdestroy
You should see that you got the service ticket in your credential cache.
Regards
Markus
#include <string.h>
#include <stdio.h>
#include <krb5.h>
#include <com_err.h>
int main(argc, argv)
int argc;
char *argv[];
{
krb5_creds creds;
krb5_creds *new_creds = 0;
krb5_error_code kret;
krb5_ccache ccache;
krb5_cc_cursor cursor;
krb5_context kcontext = 0;
krb5_get_init_creds_opt options;
krb5_principal *principal;
char* hostname;
char* service;
if (argc<3) {
fprintf(stderr, "Usage: %s hostname service\n",argv[0]);
return(1);
}
hostname = strdup(argv[1]);
service = strdup(argv[2]);
kret = krb5_init_context(&kcontext);
if (kret) {
com_err(argv[0], kret,
"while initialising context");
exit(1);
}
if ((kret = krb5_cc_default(kcontext, &ccache))) {
com_err(argv[0], kret,
"while initialising ccache");
exit(2);
}
if ((kret = krb5_cc_get_principal( kcontext, ccache, principal))) {
com_err(argv[0], kret,
"while initialising ccache");
exit(3);
}
if ((kret = krb5_cc_start_seq_get( kcontext, ccache, &cursor))) {
com_err(argv[0], kret,
"while initialising ccache");
exit(4);
}
if ((kret = krb5_cc_next_cred( kcontext, ccache, &cursor, &creds)))
{
com_err(argv[0], kret,
"while initialising ccache");
exit(5);
}
if ((kret = krb5_sname_to_principal(kcontext, hostname,
service, KRB5_NT_UNKNOWN,
&creds.server))) {
com_err(argv[0], kret,
"while initialising server creds");
exit(6);
}
if ((kret = krb5_get_credentials(kcontext, 0,
ccache, &creds, &new_creds))) {
com_err(argv[0], kret,
"while getting credentials");
exit(7);
}
}
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos