[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Use of different keytabs before gss_acquire_cred


if I use gsskrb5_register_acceptor_identity() it sets the new keytab value, but
how can I switch back to the default ? Since I use only gss calls I don't have a
krb5 context.So it looks as I have to do the following.

kret = krb5_init_context(&krb5_context);
kret = krb5_kt_default(krb5_context, keytab);
kret = krb5_kt_get_name(krb5_context,
                        kt_name, sizeof(kt_name)); 

Is there an easier way ? With MIT it would be enough to set/unset the environment
variable, before the first gss_xx call.


On Tue Apr 12 17:18 , Love_Hörnquist_Åstrand <lha@kth.se> sent:

>"Markus Moeller" huaraz@moeller.plus.com> writes:
>> I have a server program which does the following:
>> putenv("KRB5_KTNAME=FILE:/etc/my.keytab");
>> gss_import_name(..);
>> gss_acquire_cred(..);
>> gss_accept_sec_context();
>Heimdal resolves the KRB5_KTFILE when running krb5_init_context() are you
>sure you don't call any gss functions before setting KRB5_KTNAME ?
>You can use gsskrb5_register_acceptor_identity() to change keytab.
>I'm not sure why it would fail to pick up KRB5_KTNAME (unless you are using
>a setuid application.