Kevin Burton wrote:

I am trying to interface with our Windows 2000 server using Kerberos. I
would like a client to obtain a credential handle for a given user with a
supplied password. Using GSSAPI this involves calling gss_init_sec_context
and instead of passing GSS_C_NO_CREDENTIAL I would like to pass the opaque
handle gss_cred_id_t which is obtained via gss_acquire_cred. The problem is
that gss_acquire_cred only has the option to specify a credential by name
(not password). So I am assuming that the way to go would be to look at what
kinit does and then the "name" of the credential is probably the principal
name. I call the following:


GSSAPI does not have an API for getting initial credentials (i.e. 'kinit'
functionality). The user must establish their personal credentials external
to the GSSAPI application (example: run kinit, then run the GSSAPI
application).


krb5_init_context
krb5_cc_default
krb5_parse_name (passing the principal name [EMAIL PROTECTED])
krb5_unparse_name (because that is what kinit does)


Depending on where you put this code, you are likely violating the abstraction
layer that GSSAPI was designed to provide. An application that calls
GSSAPI should never call a mechanism-specific API.


-Wyllys

Then I call krb5_get_init_creds_password and I get an error indicating that
my I/O flags are not appropriate. This is a Windows application so tty
settings and I/O settings are not really applicable. Is there another way to
get a set of credentials given a user name and password? Ideally I would
like a gss_cred_id_t handle of the credentials but right now I would take
anything.

Thank you for your suggestions.

Kevin


________________________________________________
Kerberos mailing list [EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo/kerberos