[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Easiest way to get service ticket after obtaining tgt
Love,
Thanks. That does help. I'm still a little hazzy on what
goes into in_creds->server and in_creds->client. I guess that
server would be someDomain.com in this case? or "ldap/someDomain.com"?
and client would be my username? "username@SOMEREALM.COM"? I'll keep
digging for the answers, but I'll be checking my email to see if you've
written back. :-)
Thanks again!
- Jeremiah
inlovewithGod@gmail.com
On 10/12/05, Love Hörnquist Åstrand <lha@kth.se
> wrote:
Jeremiah Martell <inlovewithgod@gmail.com
> writes:
> Hello,
>
> I currently use krb5_make_principal() and krb5_get_init_creds_password() to
> obtain a tgt, and then krb5_cc_default(), krb5_cc_initialize, and
> krb5_cc_store_cred() to store the tgt in the cache. So far this is easy. :-)
>
> Now, if I wanted to obtain a service ticket for ldap, in domain
> someDomain.com (which is in SOMEDOMAIN.COM realm), what's the easiest way
> to do this with the heimdal api function calls? I've looked at
> krb5_get_credentials, but I'm unsure what to put in the *increds or
> **outcreds variables.
The manual page for krb5_get_credentials didn't really say, so I updatated
it to this:
krb5_get_credentials_with_flags() get credentials specified by
in_creds->server and in_creds->client (the rest of the in_creds structure
is ignored) by first looking in the ccache and if doesn't exists or is
expired, fetch the credential from the KDC using the krbtgt in ccache.
The credential is returned in out_creds and should be freed using the
function krb5_free_creds().
is that enough ?
Love