[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Use of different keytabs before gss_acquire_cred




"Markus Moeller" <huaraz@moeller.plus.com> writes:

> I have a server program which does the following:
>  
> putenv("KRB5_KTNAME=FILE:/etc/my.keytab");
> gss_import_name(..);
> gss_acquire_cred(..);
> gss_accept_sec_context();

Heimdal resolves the KRB5_KTFILE when running krb5_init_context() are you
sure you don't call any gss functions before setting KRB5_KTNAME ?

You can use gsskrb5_register_acceptor_identity() to change keytab.

I'm not sure why it would fail to pick up KRB5_KTNAME (unless you are using
a setuid application.

Love

PGP signature