Hi,

Is it possible to use an in-memory credentials cache to store the TGT, or does it have to be in a file?

Best Regards,
Petar Kovacevic

________________________________________
From: Howard Chu [[email protected]]
Sent: Monday, January 25, 2016 3:37 PM
To: Petar Kovačević; [email protected]
Subject: Re: OpenLdap + Cyrus SASL + MIT Kerberos credentials cache

Petar Kovačević wrote:
> Hi All,
>
> I’m working on a Windows application that uses libldap built with cyrus sasl and
> MIT Kerberos and I’m having issues with Kerberos authentication on AD.
>
> I have tested with various applications and Kerberos is working properly on
> the server.
>
> In my app I’m using ldap_sasl_interactive_bind_s(mLdapObj, NULL, "GSSAPI",
> NULL, NULL, LDAP_SASL_INTERACTIVE, my_ldap_sasl_interact, defaults) in order
> to bind with the server, but I get error -2 (Local error).
>
> I have debugged the app and I have found that there is an issue with the Kerberos
> Credentials Cache. Because I haven’t set a credentials cache location, Kerberos
> reads this location from the KRB5CCNAME environment variable.
>
> So my first question is: Is there any API in libldap, so we can set our own
> contact cache location?

No.

> But even when I set this variable, I get the same error when I try to bind. After
> some more debugging I found that Kerberos expects that I already have a
> credentials cache file created, and that there is a ticket in it (as if I have
> called kinit before bind).
>
> Is there an API in libldap that will call the Kerberos API for credentials cache
> and ticket obtaining operations, which we can call before bind, or do we need to
> call the Kerberos API directly?

You are expected to have a TGT already.

--
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/
