James, Hopefully the source I sent will help, but I thought I should reply to this post to answer your specific questions and to announce the source to anyone else interested.
In answer to your question about the credentials cache, the Kerberos proxy calls krb5_cc_default_name() to find the default ticket cache. In current versions of MIT Kerberos for Windows, this will be an in-memory cache: API:krb5cc You can change this behavior in the source, or change the default location. The default can be changed by setting the environment variable KRB5CCNAME or in the registry at: HKEY_CURRENT_USER\Software\MIT\Kerberos5 ccname = FILE:C:\example.ext and/or HKEY_LOCAL_MACHINE\Software\MIT\Kerberos5 ccname = FILE:C:\example.ext Note, however, that file-based credentials caches are less secure than in-memory. It would be better if you could get your AFS app. to use the in-memory cache. I've just made the source code for the UW's kftpd proxy publicly available. This has a fairly standard open source license. You can read the license, release notes, and pick up the source at: http://www.washington.edu/computing/support/windows/sources/kftpd.html Pre-compiled binaries are also included, but not Kerberos for Windows. You'll need to get this separately. If you have a working GSS compatible Kerberos v5 system already set up and your target kftpd servers are in your client's default realm, you can probably just start the included daemon as follows: kftppd.exe 127.0.0.1 2021 And it should start taking ftp proxy requests on port 2021. Ryan Campbell Software Engineer/Consultant Computing & Communications [EMAIL PROTECTED] ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] http://mailman.mit.edu/mailman/listinfo/kerberos
