oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

gssapi: support for client keytab in gss_acquire_cred (#383)

Browse Source 
For compatibility with MIT Kerberos, support automatic acquisition of initiator
credentials if a client keytab is available. The default path on non-Windows is
/var/heimdal/user/%{euid}/client.keytab, but can be overriden with the
KRB5_CLIENT_KTNAME environment variable or the default_client_keytab_name
configuration option. If a client keytab does not exist, or exists but does not
contain the principal for which initiator credentials are being acquired, the
system keytab is tried.
This commit is contained in:
Luke Howard
2018-12-31 16:13:20 +11:00
parent 58b77bb485
commit af0d8ef677
7 changed files with 55 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
lib/krb5/krb5_locl.h
View File

@@ -171,6 +171,9 @@ struct _krb5_krb_auth_data;
#define KEYTAB_DEFAULT "FILE:" SYSCONFDIR "/krb5.keytab"
#define KEYTAB_DEFAULT_MODIFY "FILE:" SYSCONFDIR "/krb5.keytab"
#ifndef CLIENT_KEYTAB_DEFAULT
#define CLIENT_KEYTAB_DEFAULT "FILE:" LOCALSTATEDIR "/user/%{euid}/client.keytab";
#endif
#define MODULI_FILE SYSCONFDIR "/krb5.moduli"