[30929] in Kerberos

home help back first fref pref prev next nref lref last post

Re: Kerberos authetication against multiple Windows Domains

daemon@ATHENA.MIT.EDU (Markus Moeller)
Wed Mar 25 20:10:22 2009

To: kerberos@mit.edu
From: "Markus Moeller" <huaraz@moeller.plus.com>
Date: Thu, 26 Mar 2009 00:09:01 -0000
Message-ID: <gqeh33$dbu$1@ger.gmane.org>
Mime-Version: 1.0
X-Complaints-To: usenet@ger.gmane.org
In-Reply-To: <gqe914$m15$1@ger.gmane.org>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu

Here is a small program which you could use to test to get a service ticket.

If you do

# kinit markus@SUSE.HOME
Password for markus@SUSE.HOME:

# klist
Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: markus@SUSE.HOME

Valid starting     Expires            Service principal
03/25/09 23:44:21  03/26/09 09:44:21  krbtgt/SUSE.HOME@SUSE.HOME
        renew until 03/26/09 23:44:21


Kerberos 4 ticket cache: /tmp/tkt1000
klist: You have no tickets cached
# ./get_service_ticket opensuse11.suse.home HTTP
# klist
Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: markus@SUSE.HOME

Valid starting     Expires            Service principal
03/25/09 23:44:21  03/26/09 09:44:21  krbtgt/SUSE.HOME@SUSE.HOME
        renew until 03/26/09 23:44:21
03/25/09 23:44:32  03/26/09 09:44:21  HTTP/opensuse11.suse.home@SUSE.HOME
        renew until 03/26/09 23:44:21


Kerberos 4 ticket cache: /tmp/tkt1000
klist: You have no tickets cached
# kdestroy


You should see that you got the service ticket in your credential cache.

Regards
Markus


#include <string.h>
#include <stdio.h>
#include <krb5.h>
#include <com_err.h>

int main(argc, argv)
        int argc;
        char *argv[];
{
        krb5_creds creds;
        krb5_creds *new_creds = 0;
        krb5_error_code kret;
        krb5_ccache ccache;
        krb5_cc_cursor cursor;
        krb5_context kcontext = 0;
        krb5_get_init_creds_opt options;
        krb5_principal *principal;
        char* hostname;
        char* service;

        if (argc<3) {
           fprintf(stderr, "Usage: %s hostname service\n",argv[0]);
           return(1);
        }
        hostname = strdup(argv[1]);
        service = strdup(argv[2]);

        kret = krb5_init_context(&kcontext);
        if (kret) {
            com_err(argv[0], kret,
                            "while initialising context");
            exit(1);
        }

        if ((kret = krb5_cc_default(kcontext, &ccache))) {
            com_err(argv[0], kret,
                            "while initialising ccache");
            exit(2);
        }

        if ((kret = krb5_cc_get_principal( kcontext, ccache, principal))) {
            com_err(argv[0], kret,
                            "while initialising ccache");
            exit(3);
        }

        if ((kret = krb5_cc_start_seq_get( kcontext, ccache, &cursor))) {
            com_err(argv[0], kret,
                            "while initialising ccache");
            exit(4);
        }

        if ((kret = krb5_cc_next_cred( kcontext, ccache, &cursor,  &creds))) 
{
            com_err(argv[0], kret,
                            "while initialising ccache");
            exit(5);
        }


        if ((kret = krb5_sname_to_principal(kcontext, hostname,
                                         service, KRB5_NT_UNKNOWN,
                                         &creds.server))) {
            com_err(argv[0], kret,
                            "while initialising server creds");
            exit(6);
        }

        if ((kret = krb5_get_credentials(kcontext, 0,
                                      ccache, &creds, &new_creds))) {
            com_err(argv[0], kret,
                            "while getting credentials");
            exit(7);
        }

}


________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos

home help back first fref pref prev next nref lref last post