[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Easiest way to get service ticket after obtaining tgt




Jeremiah,

It would be username@SOMEREALM.COM in client and
ldap/somehome.someDomain.com@SOMEREALM.COM in server. Check the source code
for kgetcred in kuser/kgetcred.c how to use it.

Love


Jeremiah Martell <inlovewithgod@gmail.com> writes:

> Love,
>
>    Thanks. That does help. I'm still a little hazzy on what goes into
> in_creds->server and in_creds->client. I guess that server would be
> someDomain.com in this case? or "ldap/someDomain.com"? and client would be my
> username? "username@SOMEREALM.COM"? I'll keep digging for the answers, but I'll
> be checking my email to see if you've written back. :-)
>
>    Thanks again!
>
>  - Jeremiah
>  inlovewithGod@gmail.com
>
> On 10/12/05, Love H?rnquist ?strand <lha@kth.se > wrote:
>
>
>     Jeremiah Martell <inlovewithgod@gmail.com > writes:
>
>     > Hello,
>     >
>     >    I currently use krb5_make_principal() and krb5_get_init_creds_password
>     () to
>     > obtain a tgt, and then krb5_cc_default(), krb5_cc_initialize, and
>     > krb5_cc_store_cred() to store the tgt in the cache. So far this is easy.
>     :-)
>     >
>     >    Now, if I wanted to obtain a service ticket for ldap, in domain
>     > someDomain.com (which is in SOMEDOMAIN.COM realm), what's the easiest way
>     > to do this with the heimdal api function calls? I've looked at
>     > krb5_get_credentials, but I'm unsure what to put in the *increds or
>     > **outcreds variables.
>
>     The manual page for krb5_get_credentials didn't really say, so I updatated
>     it to this:
>
>          krb5_get_credentials_with_flags() get credentials specified by
>          in_creds->server and in_creds->client (the rest of the in_creds
>     structure
>          is ignored) by first looking in the ccache and if doesn't exists or is
>          expired, fetch the credential from the KDC using the krbtgt in ccache.
>          The credential is returned in out_creds and should be freed using the
>          function krb5_free_creds().
>
>     is that enough ?
>
>     Love

PGP signature