---------- Forwarded message ---------- From: Kiran Ayyagari <[email protected]> Date: Tue, Aug 20, 2013 at 12:06 AM Subject: Re: [ApacheDS] File credentials cache for Kerberos To: "Zheng, Kai" <[email protected]>
On Mon, Aug 19, 2013 at 7:25 PM, Zheng, Kai <[email protected]> wrote: > Hi Kiran,**** > > ** ** > > Thanks for your help. I understand that KdcConnection->getTgt() can be > called to request a TGT ticket with specified principal and password. My > question is how to store the result TGT ticket in File Credential Cache > (FCC) like kinit does. I would clarify that it’s not to store the password > of a principal to a file as keytab does. Thanks. **** > > ** > ahh, I see, I just thought you want to store some data in a keytab. currently there is no support for FCC creation, if you would like to work on it here[1] is the format [1] https://www.gnu.org/software/shishi/manual/html_node/The-Credential-Cache-Binary-File-Format.html > ** > > Regards,**** > > Kai**** > > ** ** > > *From:* [email protected] [mailto:[email protected]] *On > Behalf Of *Kiran Ayyagari > *Sent:* Monday, August 19, 2013 6:10 PM > *To:* Apache Directory Developers List > *Subject:* Re: [ApacheDS] File credentials cache for Kerberos**** > > ** ** > > ApacheDS comes with a kerberos client see[1] and you can make use of > Keytab class[2]**** > > to write TGTs to a file.**** > > HTH**** > > > [1] > http://svn.apache.org/repos/asf/directory/apacheds/trunk/kerberos-client > [2] > http://svn.apache.org/repos/asf/directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/server/kerberos/shared/keytab/ > **** > > ** ** > > On Mon, Aug 19, 2013 at 2:52 PM, Zheng, Kai <[email protected]> wrote:** > ** > > Hi all,**** > > **** > > I’m new to ApacheDS, and know that it provides a KDC, which is very useful > for Kerberos related automation tests. I’m looking for some feature or > codes to cache TGT in file in compatible format with krb5 FCC . The cached > TGT as credentials can be loaded from the file cache by other tools or > libraries like Krb5LoginModule (a JAAS module bundled in JRE) and then used > to do login or whatever. After some investigation, I realized it may need > development effort. Before I dive into this, could you please confirm I’m > not missing something? I’m wondering if ApacheDS would come up kinit like > tools for itself, if so then credentials cache for TGT would be a good > starting, and I’d like to contribute when get more inputs.**** > > **** > > Thanks & regards,**** > > Kai **** > > > > > -- > Kiran Ayyagari > http://keydap.com **** > -- Kiran Ayyagari http://keydap.com -- Kiran Ayyagari http://keydap.com
