>>>>> "Mike" == Mike Friedman <[EMAIL PROTECTED]> writes:
Mike> But this brings me to a very specific question, that even
Mike> the source code is not answering for me (I'm probably
Mike> overlooking something obvious):
Mike> I'd like to use krb5_mk_req_extended, instead of
Mike> krb5_mk_req, to get service credentials as the second part
Mike> of a proxy authentication. With krb5_mk_req, I can supply
Mike> the service and host names as arguments. But
Mike> krb5_mk_req_extended doesn't seem to have a 'host' or
Mike> 'service' argument. So, how do I specify the service
Mike> principal for which I want to issue a TGS request?
You have to get the credentials before calling mk_req_extended. Here's how
mk_req works:
/* obtain ticket & session key */
memset((char *)&creds, 0, sizeof(creds));
if ((retval = krb5_copy_principal(context, server, &creds.server)))
goto cleanup_princ;
if ((retval = krb5_cc_get_principal(context, ccache,
&creds.client)))
goto cleanup_creds;
if ((retval = krb5_get_credentials(context,
0,
ccache, &creds, &credsp)))
goto cleanup_creds;
retval = krb5_mk_req_extended(context, auth_context, ap_req_options,
in_data, credsp, outbuf);
________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
