[3404] in Kerberos
Re: Flushing old service tickets
daemon@ATHENA.MIT.EDU (Bill Parod)
Tue Jun 14 20:32:54 1994
To: kerberos@MIT.EDU
Date: 14 Jun 1994 17:56:21 GMT
From: bill-parod@nwu.edu (Bill Parod)
Reply-To: bill-parod@nwu.edu (Bill Parod)
In article <2tho2e$or1@homer.cs.mcgill.ca> fnord@cs.mcgill.ca (Andrew
KUCHLING) writes:
> I'm adding Kerberos V4 authentication to a client/server application,
and am
> having a problem with expired service tickets. The client properly
> requests and gets a service ticket the first time with krb_mk_req. But
once
> the service ticket expires, it stays in the cache; subsequent calls to
> krb_mk_req don't fetch a new ticket. So how do I either delete the
expired
> ticket, or force krb_mk_req to fetch a new service ticket no matter
what?
> I've thought of using get_ap_tkt, but it appears to be purely for
Kerberos'
> internal use, and hence may not be portable to V5 or other future
versions.
I don't know if this is the preferred way, but I do the following to check
the existance and validity of cached tickets. I too would be interested in
any Kerberos programming books. This is pulled more or less from
get_admin_password() in kadmin.c.
#include <kadm.h>
#include <time.h>
CREDENTIALS c;
if ((krb_get_cred((char *)service, (char *)sinstance, krbrlm, &c)
== KSUCCESS) &&
(time(0) < (c.issue_date + (5 * 60 * c.lifetime) - FUDGE_VALUE)))
return(have_credentials = YES);
else
krb_get_in_tkt(...)
Bill Parod
