I'm working on implementing Kerberos authentication from a C++ client to a Java service. The Java service wants a GSSAPI context.
Is it correct that, if you can't rely on default GSSAPI credentials (i.e. login identity and pre-cached TGT), then a client should use gss_acquire_credentials() to establish this? I have tried this but haven't had success and just want to make sure I'm on the right path. I need to be able to explicitly set the client principal, realm, and KDC - not just rely on login and client machine configuration - and obtain a TGT (whether from local cache or the AS, possibly with a password prompt), and then use this to call gss_init_context() which I expect to request the actual service ticket. Is gss_acquire_credentials() the right call? Anyone know of any sample code for this kind of explicit credentials configuration on the client (i.e. gss_init_context) side? TIA - Chris ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
