> I haven't done anything with Heimdal. For what it's worth, here are
> the MIT Kerberos calls I'm using...
>
> krb5_init_context(&krb5context)
> krb5_sname_to_principal(krb5context, kssl_ctx->service_host,
> kssl_ctx->service_name, KRB5_NT_SRV_HST, &krb5creds.server)
> krb5_cc_default(krb5context, &krb5ccdef)
> krb5_cc_get_principal(krb5context, krb5ccdef, &krb5creds.client)
> krb5_get_credentials(krb5context, 0, krb5ccdef, &krb5creds, &krb5credsp)
> krb5_mk_req_extended(krb5context, &krb5auth_context, 0, &krb5in_data,
> krb5credsp, krb5_app_req)
> krb5_free_principal(krb5context, krb5creds.client)
> krb5_auth_con_free(krb5context, krb5auth_context)
> krb5_auth_con_init(krb5context, &krb5auth_context)
> krb5_kt_resolve(krb5context, kssl_ctx->keytab_file, &krb5keytab)
> krb5_rd_req(krb5context, &krb5auth_context, &krb5in_data,
> krb5server, krb5keytab, &ap_option, &krb5ticket)
> krb5_free_ticket(krb5context, krb5ticket)
> krb5_free_context(krb5context)
> krb5_xfree(krb5_ap_req.data)
>
It would be worth putting all of the Kerberos routines into a separate
file that abstracts the functionality (if you have not already done
so.) Heimdal's API is fairly different from the MIT API especially
with regard to credential caches, keytab files, XXXX_free() routines.
I don't that a single one of the methods used above other than
krb5_init_context() is compatible between the two systems.
Jeffrey Altman * Sr.Software Designer
The Kermit Project * Columbia University
612 West 115th St * New York, NY * 10025 * USA
http://www.kermit-project.org/ * [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
