Re: Easiest way to get service ticket after obtaining tgt
This is still not working for me. An Ethereal trace shows me trying to get a ticket for "krbtgt/.", which is really strange.
Anybody tell me what I'm doing wrong?
Thanks,
- Jeremiah
/////////////////////////////////////////////////
krb5_context krbcontext;
krb5_principal krbprincipal;
krb5_ccache krbcache;
krb5_creds krbcreds;
memset( &krbcreds, 0, sizeof( krb5_creds ) );
krb5_creds increds;
krb5_creds *outcreds;
memset( &increds, 0, sizeof( krb5_creds ) );
krb5_principal server;
// get tgt, this works.
krb5_init_context( &krbcontext );
krb5_make_principal( krbcontext, &krbprincipal, realm.c_str(), username.c_str(), NULL );
krb5_get_init_creds_password( krbcontext, &krbcreds, krbprincipal, password.c_str(), NULL, NULL, 0, NULL, NULL );
// init cache, this works.
krb5_cc_default(krbcontext, &krbcache );
krb5_cc_initialize ( krbcontext, krbcache, krbcreds.client );
// store tgt in cache, this works.
krb5_cc_store_cred( krbcontext, krbcache, &krbcreds );
// the following values are hard-coded for now.
// make principal for server. works, but is it correct?
krb5_make_principal( krbcontext, &server, "LDAPREALM.COM", "ldap/ldaprealm.com", NULL );
increds.client = krbprincipal;
increds.server = server;
// get service ticket for ldap directory in LDAPREALM.COM.
// DOESN'T WORK.
krb5_get_credentials( krbcontext, 0, krbcache, &increds, &outcreds );
// store service ticket in cache, never reached
krb5_cc_store_cred( krbcontext, krbcache, outcreds );
///////////////////////////////////
On 10/13/05, Love Hörnquist Åstrand <lha@kth.se> wrote:
Jeremiah,
It would be username@SOMEREALM.COM in client and
ldap/somehome.someDomain.com@SOMEREALM.COM in server. Check the source code
for kgetcred in kuser/kgetcred.c how to use it.
Love
Jeremiah Martell <inlovewithgod@gmail.com> writes:
> Love,
>
> Thanks. That does help. I'm still a little hazy on what goes into
> in_creds->server and in_creds->client. I guess that server would be
> someDomain.com in this case? or "ldap/someDomain.com"? and client would be my
> username? "username@SOMEREALM.COM"? I'll keep digging for the answers, but I'll
> be checking my email to see if you've written back. :-)
>
> Thanks again!
>
> - Jeremiah
> inlovewithGod@gmail.com
>
> On 10/12/05, Love Hörnquist Åstrand <lha@kth.se> wrote:
>
> Jeremiah Martell <inlovewithgod@gmail.com> writes:
>
> > Hello,
> >
> > I currently use krb5_make_principal() and krb5_get_init_creds_password() to
> > obtain a tgt, and then krb5_cc_default(), krb5_cc_initialize, and
> > krb5_cc_store_cred() to store the tgt in the cache. So far this is easy. :-)
> >
> > Now, if I wanted to obtain a service ticket for ldap, in domain
> > someDomain.com (which is in SOMEDOMAIN.COM realm), what's the easiest way
> > to do this with the heimdal api function calls? I've looked at
> > krb5_get_credentials, but I'm unsure what to put in the *increds or
> > **outcreds variables.
>
> The manual page for krb5_get_credentials didn't really say, so I updated
> it to this:
>
> krb5_get_credentials_with_flags() get credentials specified by
> in_creds->server and in_creds->client (the rest of the in_creds structure
> is ignored) by first looking in the ccache and if doesn't exists or is
> expired, fetch the credential from the KDC using the krbtgt in ccache.
> The credential is returned in out_creds and should be freed using the
> function krb5_free_creds().
>
> is that enough ?
>
> Love
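
An added example, not code from this thread or from Heimdal: a simplified stand-alone parser (the hypothetical `princ_parse`, not `krb5_parse_name`) showing how the `service/host@REALM` string form named in the reply splits into a realm and ordered name components, which is what `in_creds->server` and `in_creds->client` carry. The sample strings are constructed from the placeholder host and realm in the posted code; the size limits are arbitrary.

```c
#include <stdio.h>
#include <string.h>

#define MAX_COMP 4
#define MAX_LEN  64

/* Simplified model of a principal: a realm plus ordered name components. */
struct princ { char realm[MAX_LEN]; char comp[MAX_COMP][MAX_LEN]; int ncomp; };

/* Parse "comp/comp@REALM"; a backslash makes the next character literal.
 * Simplification: a missing realm is an error (no default realm lookup). */
int princ_parse(const char *s, struct princ *p)
{
    char *dst = p->comp[0];
    size_t n = 0;
    int in_realm = 0;
    memset(p, 0, sizeof(*p));
    p->ncomp = 1;
    for (; *s; s++) {
        if (*s == '\\') {
            if (*++s == '\0') return -1;          /* dangling escape */
        } else if (*s == '/' && !in_realm) {      /* next component */
            if (p->ncomp == MAX_COMP) return -1;
            dst = p->comp[p->ncomp++]; n = 0;
            continue;
        } else if (*s == '@') {                   /* realm follows */
            if (in_realm) return -1;
            in_realm = 1; dst = p->realm; n = 0;
            continue;
        }
        if (n + 1 >= MAX_LEN) return -1;          /* leave room for NUL */
        dst[n++] = *s;
    }
    return (in_realm && p->realm[0] && p->comp[0][0]) ? 0 : -1;
}

int main(void)
{
    /* Constructed inputs: the same text with and without an escaped slash. */
    const char *names[] = { "ldap/ldaprealm.com@LDAPREALM.COM",
                            "ldap\\/ldaprealm.com@LDAPREALM.COM" };
    struct princ p;

    for (int i = 0; i < 2; i++)
        if (princ_parse(names[i], &p) == 0)
            printf("%-36s -> %d component(s), first \"%s\", realm %s\n",
                   names[i], p.ncomp, p.comp[0], p.realm);
    return 0;
}
```

A principal built from one component string that itself contains a slash corresponds to the second, escaped form, not the two-component service name in the first.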