[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
GSSAPI & non-default keytab file
Hello,
I have a daemon using GSSAPI/KerberosV authentication. The daemon is not
running as root so it cannot read the default keytab file. I tried to
use gsskrb5_register_acceptor_identity() to specify an other keytab file,
but I needed to patch the source to make it work (patch below).
Gabor
Index: lib/gssapi/accept_sec_context.c
===================================================================
RCS file: /pkg/maint/cvs/heimdal/lib/gssapi/accept_sec_context.c,v
retrieving revision 1.1.1.2
diff -u -r1.1.1.2 accept_sec_context.c
--- lib/gssapi/accept_sec_context.c 2000/10/08 19:09:36 1.1.1.2
+++ lib/gssapi/accept_sec_context.c 2000/11/22 21:54:00
@@ -41,6 +41,9 @@
gsskrb5_register_acceptor_identity (char *identity)
{
char *p;
+
+ gssapi_krb5_init ();
+
if(gss_keytab != NULL) {
krb5_kt_close(gssapi_krb5_context, gss_keytab);
gss_keytab = NULL;
@@ -189,12 +192,11 @@
goto failure;
}
- if (acceptor_cred_handle == GSS_C_NO_CREDENTIAL) {
- if (gss_keytab != NULL) {
- keytab = gss_keytab;
- }
- } else if (acceptor_cred_handle->keytab != NULL) {
- keytab = acceptor_cred_handle->keytab;
+ if (acceptor_cred_handle->keytab != NULL) {
+ keytab = acceptor_cred_handle->keytab;
+ }
+ else {
+ keytab = gss_keytab;
}
kret = krb5_rd_req (gssapi_krb5_context,
--
Gabor Gombas Eotvos Lorand University
E-mail: gombasg@inf.elte.hu Hungary