Thanks Greg I am able to write a new krb5cc which contains only the service ticket. But, the token hence generated by gss_init_sec_context using this credential file when used for HTTP Negotiate gives 401 Unauthorized. Do you see any possible catch here that might be causing this ?
Arpit On Wed, Mar 5, 2014 at 10:12 PM, Greg Hudson <[email protected]> wrote: > On 03/05/2014 10:55 AM, Arpit Srivastava wrote: > > That is the problem now. How to separate service tickets from the TGT so > > as to copy it (only) to the different cache ? It would be great if you > > can give some pointers. > > 1. Open the original ccache with krb5_cc_resolve. > 2. Retrieve the service cred with krb5_cc_retrieve_cred. > 3. Close the original ccache with krb5_cc_close. > 4. Open the new ccache with krb5_cc_resolve. > 5. Initialize the new ccache with krb5_cc_initialize. > 6. Store the previously obtained cred with krb5_cc_store_cred. > 7. Close the new ccache with krb5_cc_close. > 8. Release the service cred with krb5_free_cred_contents. > > Documentation for these functions is at: > > http://web.mit.edu/kerberos/krb5-latest/doc/appdev/refs/api/index.html > > If you have to iterate over the source ccache to find the service ticket > because krb5_cc_retrieve_cred won't work for you, use > krb5_cc_start_seq_get, krb5_cc_next_cred, and krb5_cc_end_seq_get. > ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
