cURL / Mailing Lists / curl-library / Single Mail

curl-library

RE: Kerberos multiple principals having same realms issue.

From: Yehezkel Horowitz <horowity_at_checkpoint.com>
Date: Tue, 2 Sep 2014 17:19:20 +0000

Little bit late (I have a quite large backlog), but if still relevant...

>We are observing issue when running curl under negotiate with multiple principals both having same realm(say user1/krbnet.com_at_EXAMPLE.COM and user2/krbnet.com_at_EXAMPLE.COM).
>We are using directory cache to update the cache with both the principals.
>kinit -kt user1/krbnet.com_at_EXAMPLE.COM
>kinit -kt user2/krbnet.com_at_EXAMPLE.COM
>curl library is loading only the primary credentials (here user2) in the Kerberos cache and working even though there are user1 and user2 credentials in the Kerberos cache.
>Is there any option in curl to specify the negotiate connection based on the principal?

>Can anybody suggest a way to work with curl if multiple Kerberos principals are present and both pointing to same realm.

You can use a different cache for each user and use the environment variable KRB5CCNAME to point to the correct cache before running curl.

HTH

Yehezkel Horowitz

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2014-09-02

This message: [ Message body ]
Next message: Toby Peterson: "Re: A darwinssl-related bug again"
Previous message: Daniel Stenberg: "Re: Quadratic slowdown in curl_multi"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]