On 08/08/2014 03:37 AM, jarek wrote: > Is it possible to receive ticket for host principal and use this ticket > for authentication ?
Yes. Normally this is done using a keytab, in one of three ways: * krb5_get_init_creds_keytab from the application code. * kinit -k from the command line. (This will only work until the resulting tickets expire.) * Client keytab initiation (new in MIT krb5 1.11). Set the environment variable KRB5_CLIENT_KTNAME to FILE:/path/to/keytab, and set KRB5CCNAME to FILE:/some/path/writable/by/daemon/process. Don't create the ccache. The GSS application will create it automatically using the keytab, and will refresh it when needed. ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos