Need help: How to use different caches for TGT and TGS.
seeking your help for below:
Have default TGT in default cache location /tmp/krb5cc_36073 .
How to get TGS and store in different cache , but use TGT from default
Like in heimdal has ./kgetcred -c /tmp/krb5cc_36073
--out-cache=/tmp/imper_cache --impersonate=[hidden email] [hidden email]
where in kvno.c can i modify to request different cache location for TGS.
Re: Need help: How to use different caches for TGT and TGS.
On 12/13/2018 12:00 AM, Santosh Kumar wrote:
> Have default TGT in default cache location /tmp/krb5cc_36073 .
> How to get TGS and store in different cache , but use TGT from default
> cache location?
MIT krb5 doesn't have an option for this in kvno. You could of course
copy the ccache containing the TGT and point kvno at the copy, but if
the goal is to produce a ccache that doesn't contain the TGT, that's not
helpful. You could alternatively use "kinit -S servicename" to bypass
getting a TGT entirely.
From a code perspective, you can do what you want by passing
KRB5_GC_NO_STORE to krb5_get_credentials(), then explicitly resolving
the target ccache (krb5_cc_resolve()), initializing it with the client
principal (krb5_cc_initialize()), and storing the cred returned by
krb5_get_credentials(). That's what Heimdal's kgetcred does in
essence--it uses a fancier krb5_get_creds_opt interface to pass
KRB5_GC_NO_STORE, and MIT krb5 doesn't have that, but the option can
simply be passed in the flags parameter.
Kerberos mailing list [hidden email] https://mailman.mit.edu/mailman/listinfo/kerberos