[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Easiest way to get service ticket after obtaining tgt


   Thanks. That does help. I'm still a little hazzy on what goes into in_creds->server and in_creds->client. I guess that server would be someDomain.com in this case? or "ldap/someDomain.com"? and client would be my username? "username@SOMEREALM.COM"? I'll keep digging for the answers, but I'll be checking my email to see if you've written back. :-)

   Thanks again!

 - Jeremiah

On 10/12/05, Love Hörnquist Åstrand <lha@kth.se > wrote:

Jeremiah Martell <inlovewithgod@gmail.com > writes:

> Hello,
>    I currently use krb5_make_principal() and krb5_get_init_creds_password() to
> obtain a tgt, and then krb5_cc_default(), krb5_cc_initialize, and
> krb5_cc_store_cred() to store the tgt in the cache. So far this is easy. :-)
>    Now, if I wanted to obtain a service ticket for ldap, in domain
> someDomain.com (which is in SOMEDOMAIN.COM realm), what's the easiest way
> to do this with the heimdal api function calls? I've looked at
> krb5_get_credentials, but I'm unsure what to put in the *increds or
> **outcreds variables.

The manual page for krb5_get_credentials didn't really say, so I updatated
it to this:

     krb5_get_credentials_with_flags() get credentials specified by
     in_creds->server and in_creds->client (the rest of the in_creds structure
     is ignored) by first looking in the ccache and if doesn't exists or is
     expired, fetch the credential from the KDC using the krbtgt in ccache.
     The credential is returned in out_creds and should be freed using the
     function krb5_free_creds().

is that enough ?