Is it possible to use in memory credentials cache to store TGT, or it has be in file?
From: Howard Chu [hyc(a)symas.com]
Sent: Monday, January 25, 2016 3:37 PM
To: Petar Kovačević; openldap-technical(a)openldap.orgte
Subject: Re: OpenLdap + Cyrus SASL + MIT Kerberos credentials cache
Petar Kovačević wrote:
I’m working on Windows application that uses libldap built with cyrus sasl and
MIT Kerberos and I’m having issues with Kerberos authentication on AD.
I have tested with various applications and Kerberos is working properly on
In my app I’m using ldap_sasl_interactive_bind_s(mLdapObj, NULL, "GSSAPI",
NULL, NULL, LDAP_SASL_INTERACTIVE, my_ldap_sasl_interact, defaults) in order
to bind with server, but I get error -2 (Local error).
I have debugged the app and I have found that there is an issue with Keberos
Credentials Cache. Because I haven’t set credentials cache location, Kerberos
reads this location from KRB5CCNAME environment variable.
So my first question is : Is there any API in libldap, so we can set our own
contact cache location?
But even when I set this variable, I get same error when I try to
some more debugging I found that Kerberos expects that I already have
credentials cache file created, and that there is a ticket in it(as a I have
called kinit before bind).
Is there an API in libldap, that will call Kerberos API for credentials cache
and ticket obtaining operations, which we can call before bind, or we need to
call Kerberos API directly ?
You are expected to have a TGT already.
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/