[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: heimdal API



I'm trying to obtain the credentials and store them in memory.  There will
be multiple copies of the same program running on a single machine, and we
don't want the different copies to be able to access each other's
credentials, which could happen in certain scenarios if we store the
credentials in the cache.  Plus, on a crash, we don't want any copies of the
credentials or anything else left around on disk.  

So is there a way to use krb5_mk_req or krb5_get_credentials with some sort
of flags such that it won't store the credentials in the cache?  I suppose I
could simply re-implement krb5_get_credentials, eliminating the part in the
code that stores the credentials, but I was hoping there was a cleaner, more
correct way to do it.  

Thanks,
    Dan

-----Original Message-----
From: joda@pdc.kth.se [mailto:joda@pdc.kth.se]
Sent: Thursday, August 30, 2001 7:05 PM
To: dtennant@panasas.com
Cc: heimdal-discuss@sics.se
Subject: Re: heimdal API


dtennant@panasas.com writes:

> I don't want the ticket to be stored in the credentials cache, which
> seems to rule out the use of the obvious krb5_get_credentials, and
> krb5_get_cred_from_kdc doesn't seem to have an option that doesn't
> look in the credential cache for the TGT.

Why not? What are you really trying to do. The normal behaviour is to
use krb5_mk_req or similar.

/Johan