Handling credentials cache on Win32 without loading krbcc32s.exe?

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Handling credentials cache on Win32 without loading krbcc32s.exe?

ltcwong
Hi all,

I'm new to Kerberos, so please pardon me if I'm asking something very
stupid or obvious...

Is it possible to use the MIT Kerberos v5 library without loading
krbcc32s.exe?  It seems like it has to get loaded in order for the
credentials cache library to work, but is it possible to use the rest
of the library without creating a credentials cache?  i.e. let the
application itself hold the Kerberos ticket.

Many methods in the MIT Kerberos v5 API require a krb5_ccache structure
in their parameter list.  Is it possible to obtain Kerberos tickets and
get authenticated etc, without using any of these methods?  Thanks a
lot!


Cheers,
T.C.

________________________________________________
Kerberos mailing list           [hidden email]
https://mailman.mit.edu/mailman/listinfo/kerberos
Reply | Threaded
Open this post in threaded view
|

Re: Handling credentials cache on Win32 without loading krbcc32s.exe?

ltcwong
Just figured the title should be "handling kerberos tickets on Win32
without loading krbcc32s.exe?"...  lol

________________________________________________
Kerberos mailing list           [hidden email]
https://mailman.mit.edu/mailman/listinfo/kerberos
Reply | Threaded
Open this post in threaded view
|

Re: Handling credentials cache on Win32 without loading krbcc32s.exe?

Jeffrey Altman-3
In reply to this post by ltcwong
[hidden email] wrote:

> Hi all,
>
> I'm new to Kerberos, so please pardon me if I'm asking something very
> stupid or obvious...
>
> Is it possible to use the MIT Kerberos v5 library without loading
> krbcc32s.exe?  It seems like it has to get loaded in order for the
> credentials cache library to work, but is it possible to use the rest
> of the library without creating a credentials cache?  i.e. let the
> application itself hold the Kerberos ticket.
>
> Many methods in the MIT Kerberos v5 API require a krb5_ccache structure
> in their parameter list.  Is it possible to obtain Kerberos tickets and
> get authenticated etc, without using any of these methods?  Thanks a
> lot!
>
>
> Cheers,
> T.C.
>

Instead of using the default "API:" ccache you can make use of a
"MEMORY:" ccache.   This will not prevent the execution of krbcc32s.exe
as the server is started when the library is loaded.  However, it will
ensure that the credentials your application obtains are maintained
internal to the process.

It should be noted that the MIT team advises against applications
prompting users to enter their credentials.  If this is an end user
application, it is preferable for the tickets to be obtained via the
provided ticket manager.   Leash32.exe in KFW 2.6.5.

Jeffrey Altman
________________________________________________
Kerberos mailing list           [hidden email]
https://mailman.mit.edu/mailman/listinfo/kerberos