[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Easiest way to get service ticket after obtaining tgt

To: Jeremiah Martell <inlovewithgod@gmail.com>
Subject: Re: Easiest way to get service ticket after obtaining tgt
From: Love Hörnquist Åstrand <lha@kth.se>
Date: Thu, 13 Oct 2005 15:10:43 +0200
Cc: heimdal-discuss@sics.se
In-Reply-To: <233eb300510130548n3dfca107u6fa098feb92169ea@mail.gmail.com> (JeremiahMartell's message of "Thu, 13 Oct 2005 08:48:10 -0400")
References: <233eb300510121232j6650ca0fpe8464258bf1c107f@mail.gmail.com><m2ek6qxfee.fsf@c80-217-232-48.cm-upc.chello.se><233eb300510130548n3dfca107u6fa098feb92169ea@mail.gmail.com>
Sender: owner-heimdal-discuss@sics.se
User-Agent: Gnus/5.1006 (Gnus v5.10.6) Emacs/22.0.50 (darwin)


Jeremiah,

It would be username@SOMEREALM.COM in client and
ldap/somehome.someDomain.com@SOMEREALM.COM in server. Check the source code
for kgetcred in kuser/kgetcred.c how to use it.

Love


Jeremiah Martell <inlovewithgod@gmail.com> writes:

> Love,
>
>    Thanks. That does help. I'm still a little hazzy on what goes into
> in_creds->server and in_creds->client. I guess that server would be
> someDomain.com in this case? or "ldap/someDomain.com"? and client would be my
> username? "username@SOMEREALM.COM"? I'll keep digging for the answers, but I'll
> be checking my email to see if you've written back. :-)
>
>    Thanks again!
>
>  - Jeremiah
>  inlovewithGod@gmail.com
>
> On 10/12/05, Love H?rnquist ?strand <lha@kth.se > wrote:
>
>
>     Jeremiah Martell <inlovewithgod@gmail.com > writes:
>
>     > Hello,
>     >
>     >    I currently use krb5_make_principal() and krb5_get_init_creds_password
>     () to
>     > obtain a tgt, and then krb5_cc_default(), krb5_cc_initialize, and
>     > krb5_cc_store_cred() to store the tgt in the cache. So far this is easy.
>     :-)
>     >
>     >    Now, if I wanted to obtain a service ticket for ldap, in domain
>     > someDomain.com (which is in SOMEDOMAIN.COM realm), what's the easiest way
>     > to do this with the heimdal api function calls? I've looked at
>     > krb5_get_credentials, but I'm unsure what to put in the *increds or
>     > **outcreds variables.
>
>     The manual page for krb5_get_credentials didn't really say, so I updatated
>     it to this:
>
>          krb5_get_credentials_with_flags() get credentials specified by
>          in_creds->server and in_creds->client (the rest of the in_creds
>     structure
>          is ignored) by first looking in the ccache and if doesn't exists or is
>          expired, fetch the credential from the KDC using the krbtgt in ccache.
>          The credential is returned in out_creds and should be freed using the
>          function krb5_free_creds().
>
>     is that enough ?
>
>     Love

PGP signature

Follow-Ups:
- Re: Easiest way to get service ticket after obtaining tgt
  - From: Jeremiah Martell <inlovewithgod@gmail.com>

References:
- Easiest way to get service ticket after obtaining tgt
  - From: Jeremiah Martell <inlovewithgod@gmail.com>
- Re: Easiest way to get service ticket after obtaining tgt
  - From: Love Hörnquist Åstrand <lha@kth.se>
- Re: Easiest way to get service ticket after obtaining tgt
  - From: Jeremiah Martell <inlovewithgod@gmail.com>

Prev by Date: Re: Easiest way to get service ticket after obtaining tgt
Next by Date: Re: Enabling arcfour on Heimdal-0.6.3/OpenBSD
Prev by thread: Re: Easiest way to get service ticket after obtaining tgt
Next by thread: Re: Easiest way to get service ticket after obtaining tgt
Index(es):
- Date
- Thread