[prev in list] [next in list] [prev in thread] [next in thread] 

List:       krbdev
Subject:    Re: Setting default key table file for Kerberos server
From:       Vipul Mehta <vipulmehta.1989 () gmail ! com>
Date:       2013-03-06 13:35:18
Message-ID: CAMeQEL-K_y5LoN9i5Cbg_RoiOJo3AkH77wDCqCPQveRaMFM7LA () mail ! gmail ! com
[Download RAW message or body]

Thanks Greg, I tried them and both the methods worked fine though second
one looks better for multiple server threads with different service
principals.



On Tue, Mar 5, 2013 at 11:11 PM, Greg Hudson <ghudson@mit.edu> wrote:

> On 03/05/2013 06:46 AM, Vipul Mehta wrote:
> > I found a function :* **krb5_init_creds_set_keytab()** *in the
> > documentation which might solve my problem. But i am not able to
> understand
> > its use and the meaning of *krb5_init_creds_context* argument in this
> > function.
>
> That's probably not what you want, since you are accepting a security
> context and that function is part of a suite of functions for getting
> initial credentials.
>
> If your server is using GSSAPI, you have a couple of options for
> specifying the location of the krb5 keytab:
>
> 1. Call krb5_gss_register_acceptor_identity(keytabname).  This extension
> is present in MIT krb5 and Heimdal, and sets a thread-specific variable
> which is used as the keytab name.
>
> 2. Get your acceptor credentials with
> "gss_krb5_import_cred(&minor_status, NULL, princ, keytab, &cred)", where
> princ is a krb5_principal and keytab is a krb5_keytab.  This extension
> is present in MIT krb5 (since 1.9, so it won't be in KfW 3.x) and Heimdal.
>
> In krb5 1.11 we have gss_acquire_cred_from, which provides a
> mechanism-neutral way to specify the locations of things like keytabs,
> but that's too new to be in any KfW release.
>
>


-- 
Regards,
Vipul
_______________________________________________
krbdev mailing list             krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
[prev in list] [next in list] [prev in thread] [next in thread]