On 03/31/2017 01:37 PM, Rahul G wrote:
> I have a KCD implementation based on t_s4u.c, using
> gss_acquire_cred_impersonate_name() and gss_init_sec_context(). This works
> fine, giving my impersonator an auth token to the target server on behalf
> of the client user. The problem is, my implementation does a TGS_REQ
> subsequently for the same user and same target server. Is there a way I can
> reuse the credentials that I received with the first auth token? We want to
> avoid unnecessary network traffic, especially since the tickets have the
> default expirations (10hrs).

Unfortunately, we only made using cached S4U2Proxy credentials work in
krb5-1.15 [1], while the most recent KfW release is based on krb5-1.13.
I don't know of any application-level workaround that would help.

As we only make KfW releases infrequently, it may be some time before
there is a KfW release with this feature added; therefore, building the
current or 1.15 krb5 sources on Windows may be the only way to get this
to work in the near future.

[1] http://krbdev.mit.edu/rt/Ticket/Display.html?id=8372
_______________________________________________
kfwdev mailing list
[email protected]
http://mailman.mit.edu/mailman/listinfo/kfwdev
