[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Use of different keytabs before gss_acquire_cred


As far as I know there is no need for any additional gss or kerberos calls 
beforehand. I'll try gsskrb5_register_acceptor_identity and let you know 
what I get.


----- Original Message ----- 
From: "Love Hörnquist Åstrand" <lha@kth.se>
To: "Markus Moeller" <huaraz@moeller.plus.com>
Cc: <heimdal-discuss@sics.se>
Sent: Tuesday, April 12, 2005 5:18 PM
Subject: Re: Use of different keytabs before gss_acquire_cred

"Markus Moeller" <huaraz@moeller.plus.com> writes:

> I have a server program which does the following:
> putenv("KRB5_KTNAME=FILE:/etc/my.keytab");
> gss_import_name(..);
> gss_acquire_cred(..);
> gss_accept_sec_context();

Heimdal resolves the KRB5_KTFILE when running krb5_init_context() are you
sure you don't call any gss functions before setting KRB5_KTNAME ?

You can use gsskrb5_register_acceptor_identity() to change keytab.

I'm not sure why it would fail to pick up KRB5_KTNAME (unless you are using
a setuid application.