The client will more than likely be running on UNIX but I need to test it on Windows. Right now I am using KfW 2.6 beta.
Kevin ""Douglas E. Engert"" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > > > Kevin Burton wrote: > > > > I am trying to interface with our Windows 2000 server using Kerberos. I > > would like a client to obtain a credential handle for a given user with a > > supplied password. > > If the client is running on UNIX, you can setting KRB5CCNAME .... > then do a kinit then call your application. The gss_acquire_cred will use > the underlying implementations method to find the credential. > > If the client is on Windows there are some other things you can do. > > > Using GSSAPI this involves calling gss_init_sec_context > > and instead of passing GSS_C_NO_CREDENTIAL I would like to pass the opaque > > handle gss_cred_id_t which is obtained via gss_acquire_cred. The problem is > > that gss_acquire_cred only has the option to specify a credential by name > > The name would be which credential in a credential cache. Its not what > you might think. > > > (not password). So I am assuming that the way to go would be to look at what > > kinit does and then the "name" of the credential is probably the prinicipal > > name. I call the following: > > > > krb5_init_context > > krb5_cc_default > > krb5_parse_name (passing the principal name [EMAIL PROTECTED]) > > krb5_unparse_name (because that is what kinit does) > > > > Then I call krb5_get_init_creds_password and I get an error indicating the > > my I/O flags are not appropriate. This is a Windows application so tty > > settings and I/O setting are not really applicable. Is there another way to > > get a set of credentials given a user name and password? Ideally I would > > like a gss_cred_id_t handle of the credentials but right now I would take > > anything. > > (This is not tested:) > #!/bin/sh > KRB5CCNAME=FILE:/tmp/krb5_cc.appl.$$ i.e. make it unique > export KRB5CCNAME > kinit > application > kdestroy > > If it has to be in the applicaiton how about something like: > setenv("KRB5CCNAME", somefilename); > system("kinit"); /* or call some krb5 routines */ > gss_acquire_cred(); > > > > > > Thank you for your suggestions. > > > > Kevin > > > > ________________________________________________ > > Kerberos mailing list [EMAIL PROTECTED] > > https://mailman.mit.edu/mailman/listinfo/kerberos > > -- > > Douglas E. Engert <[EMAIL PROTECTED]> > Argonne National Laboratory > 9700 South Cass Avenue > Argonne, Illinois 60439 > (630) 252-5444 > ________________________________________________ > Kerberos mailing list [EMAIL PROTECTED] > https://mailman.mit.edu/mailman/listinfo/kerberos > ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
