[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Use of different keytabs before gss_acquire_cred

To: Love_Hörnquist_Åstrand <lha@kth.se>
Subject: Re: Use of different keytabs before gss_acquire_cred
From: Markus Moeller <huaraz@moeller.plus.com>
Date: Wed, 13 Apr 2005 12:08:47 +0100
Cc: heimdal-discuss@sics.se
Reply-To: huaraz@moeller.plus.com
Sender: owner-heimdal-discuss@sics.se

Love,

if I use gsskrb5_register_acceptor_identity() it sets the new keytab value, but
how can I switch back to the default ? Since I use only gss calls I don't have a
krb5 context.So it looks as I have to do the following.

kret = krb5_init_context(&krb5_context);
kret = krb5_kt_default(krb5_context, keytab);
kret = krb5_kt_get_name(krb5_context,
                        krb5_keytab,
                        kt_name, sizeof(kt_name)); 
gsskrb5_register_acceptor_identity(kt_name);

Is there an easier way ? With MIT it would be enough to set/unset the environment
variable, before the first gss_xx call.

Thanks
Markus


On Tue Apr 12 17:18 , Love_Hörnquist_Åstrand <lha@kth.se> sent:

>
>"Markus Moeller" huaraz@moeller.plus.com> writes:
>
>> I have a server program which does the following:
>>  
>> putenv("KRB5_KTNAME=FILE:/etc/my.keytab");
>> gss_import_name(..);
>> gss_acquire_cred(..);
>> gss_accept_sec_context();
>
>Heimdal resolves the KRB5_KTFILE when running krb5_init_context() are you
>sure you don't call any gss functions before setting KRB5_KTNAME ?
>
>You can use gsskrb5_register_acceptor_identity() to change keytab.
>
>I'm not sure why it would fail to pick up KRB5_KTNAME (unless you are using
>a setuid application.
>
>Love
>

Prev by Date: Re: Use of different keytabs before gss_acquire_cred
Next by Date: Re: Hmmm. Dump compatibility between Heimdal versions?
Prev by thread: Re: Use of different keytabs before gss_acquire_cred
Next by thread: Re: Use of different keytabs before gss_acquire_cred
Index(es):
- Date
- Thread