On Fri, Feb 20, 2009 at 01:24:06PM -0800, Chris wrote: > I'm working on implementing Kerberos authentication from a C++ client > to a Java service. The Java service wants a GSSAPI context. > > Is it correct that, if you can't rely on default GSSAPI credentials > (i.e. login identity and pre-cached TGT), then a client should use > gss_acquire_credentials() to establish this? I have tried this but > haven't had success and just want to make sure I'm on the right path.
The GSS-API does not give you a way to acqiure initial credentials (i.e., anything involving interaction with the user to obtain things like principal name, password, smartcard/token PIN, ...). That's out of scope for the GSS-API. IIRC JAAS does give you a way to do that, but I don't remember exactly. What the GSS_Acquire_cred() and GSS_Add_cred() functions allow you to do is to choose a credential to use when many are available. Nico -- ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
