[36152] in Kerberos
Re: krb5-1.12.1 and client keytab file
daemon@ATHENA.MIT.EDU (squidmobile@fastmail.fm)
Thu May 29 14:28:54 2014
Message-Id: <1401384945.25260.122975045.3E57CBE4@webmail.messagingengine.com>
From: "squidmobile@fastmail.fm" <squidmobile@fastmail.fm>
To: kerberos@mit.edu
MIME-Version: 1.0
Date: Thu, 29 May 2014 13:35:45 -0400
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
29 may 2014
greetings,
many thanks to michael.
>Simply compile a recent version of MIT Kerberos, re-link your
>application and then do:
>$ export KRB5_CLIENT_KTNAME=<locatiion> # e.g. $HOME/client.keytab
>$ app-with-gssapi-calls # in my case curl
i just noticed something. i run app-name, and not kinit?
i thought this was a two-step process: kinit and then app. i
expected to see kinit automagically obtain my tgt.
my failed logic ran:
kadmin -p my/admin
ktadd -k ./some.key.file my/principal
kdestroy
KRB5_CLIENT_KTNAME=./some.key.file kinit
at this point, kinit did what it wanted and not what i expected.
ummm. openldap does not directly play with gssapi. it uses
cyrus-sasl to play with gssapi. will cyrus-sasl pick this up?
time for some more tests...
>PS: Thanks for the devs making this feature happen
agreed. this is much simpler than i expected.
many thanks for the tip.
frank smith
--
http://www.fastmail.fm - IMAP accessible web-mail
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
