cyrusimap / cyrus-sasl


ccache_store GSSAPI option #809

Closed brandonto closed 1 year ago

brandonto commented 1 year ago

Hi,

I am trying to get Kerberos authentication working for a project. The project requires a non-default location for the credential cache... I believe this ccache_store GSSAPI option is used for this purpose. https://www.cyrusimap.org/sasl/sasl/options.html

Although the docs are for v2.1.28, I can't seem to find the getopt call for ccache_store anywhere in the source code for v2.1.28:

% ack "\"ccache"
mac/CommonKClient/mac_kclient3/Headers/Kerberos5/krb5.h
1142: * begin "ccache.h"
1219: * end "ccache.h"

So I turned to the current revision in master, where I did find the getopt call for ccache_store. However, getopt for ccache_store doesn't seem to be invoked, as evidenced by logs that I put in the callback function for getopt passed as an argument to sasl_client_new.

Are there any additional steps required (perhaps in the configuration of Cyrus SASL?) to get this working?

hyc commented 1 year ago

That option doesn't do what you think; it's for caching incoming credentials on the server side. On the client you need to just set this in krb5.conf or whatever.

brandonto commented 1 year ago

Hi @hyc, thanks for the response.

I believe I have found the configuration option you are talking about. My question is... how do I tell libsasl2 where the krb5.conf file is if it isn't in the default location?

The application I'm working with uses sasl_client_new as the first point of interaction with libsasl2. I don't see any options I can tell sasl_client_new to give libsasl2 this information.

hyc commented 1 year ago

Check the documentation of the Kerberos library you're using. Usually you can set an environment variable to tell the Kerberos library what to look for. Cyrus SASL has no control over that.
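
The environment-variable approach from the last reply, as an added example that is not part of the thread or of Cyrus SASL. It assumes MIT Kerberos or Heimdal, whose `KRB5_CONFIG` and `KRB5CCNAME` variables are not named in the thread; `krb5_env_setup` is a hypothetical helper that also refuses an existing cache file that other users could read.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not a libsasl2 API). Points the Kerberos library at a
 * non-default krb5.conf and file credential cache via KRB5_CONFIG and
 * KRB5CCNAME. Call it before sasl_client_init()/sasl_client_new(), so the
 * variables are set before the GSSAPI plugin touches Kerberos.
 * Returns 0 on success, -1 if a path is unusable. */
int krb5_env_setup(const char *conf_path, const char *ccache_path)
{
    struct stat st;
    char ccname[4096];
    int n;

    /* krb5.conf must be an existing, readable regular file. */
    if (stat(conf_path, &st) != 0 || !S_ISREG(st.st_mode) ||
        access(conf_path, R_OK) != 0)
        return -1;

    /* An existing cache holds tickets: refuse symlinks, files owned by
     * another user, and anything group- or world-accessible. A missing
     * cache is fine; kinit or the application will create it. */
    if (lstat(ccache_path, &st) == 0 &&
        (!S_ISREG(st.st_mode) || st.st_uid != geteuid() ||
         (st.st_mode & (S_IRWXG | S_IRWXO)) != 0))
        return -1;

    n = snprintf(ccname, sizeof ccname, "FILE:%s", ccache_path);
    if (n < 0 || (size_t)n >= sizeof ccname)
        return -1;

    if (setenv("KRB5_CONFIG", conf_path, 1) != 0 ||
        setenv("KRB5CCNAME", ccname, 1) != 0)
        return -1;
    return 0;
}

int main(int argc, char **argv)
{
    if (argc != 3 || krb5_env_setup(argv[1], argv[2]) != 0) {
        fprintf(stderr, "usage: %s <krb5.conf> <ccache file>\n", argv[0]);
        return 1;
    }
    printf("KRB5_CONFIG=%s\nKRB5CCNAME=%s\n",
           getenv("KRB5_CONFIG"), getenv("KRB5CCNAME"));
    return 0; /* a real client would now call sasl_client_init() */
}
```

Kerberos libraries ignore these variables in setuid or similarly privileged programs, so this only applies to an ordinary unprivileged client process.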