I am taking this directly from the kinit source. I want this functionality to be embedded in the app.
Kevin "Wyllys Ingersoll" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Kevin Burton wrote: > > >I am trying to interface with our Windows 2000 server using Kerberos. I > >would like a client to obtain a credential handle for a given user with a > >supplied password. Using GSSAPI this involves calling gss_init_sec_context > >and instead of passing GSS_C_NO_CREDENTIAL I would like to pass the opaque > >handle gss_cred_id_t which is obtained via gss_acquire_cred. The problem is > >that gss_acquire_cred only has the option to specify a credential by name > >(not password). So I am assuming that the way to go would be to look at what > >kinit does and then the "name" of the credential is probably the prinicipal > >name. I call the following: > > > > GSSAPI does not have an API for getting initial credentials (i.e. > 'kinit' functionality). > The user must establish their personal credentials external to the > GSSAPI application > (example: run kinit, then run the GSSAPI application). > > >krb5_init_context > >krb5_cc_default > >krb5_parse_name (passing the principal name [EMAIL PROTECTED]) > >krb5_unparse_name (because that is what kinit does) > > > > > Depending on where you put this code, you are likely violating the > abstraction > layer that GSSAPI was designed to provide. An application that calls > GSSAPI should never call an mechanism-specific API. > > -Wyllys > > >Then I call krb5_get_init_creds_password and I get an error indicating the > >my I/O flags are not appropriate. This is a Windows application so tty > >settings and I/O setting are not really applicable. Is there another way to > >get a set of credentials given a user name and password? Ideally I would > >like a gss_cred_id_t handle of the credentials but right now I would take > >anything. > > > >Thank you for your suggestions. > > > >Kevin > > > > > >________________________________________________ > >Kerberos mailing list [EMAIL PROTECTED] > >https://mailman.mit.edu/mailman/listinfo/kerberos > > > > > > > ________________________________________________ > Kerberos mailing list [EMAIL PROTECTED] > https://mailman.mit.edu/mailman/listinfo/kerberos > ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
