cURL / Mailing Lists / curl-library / Single Mail

curl-library

Option to specify Kerberos credential-cache when used via GSSAPI

From: Isaac Boukris <iboukris_at_gmail.com>
Date: Wed, 23 Mar 2016 03:37:28 +0200

Hello all,

When libcurl is used in server-side application which runs transfers
on behalf of different users, it would be useful to be able to specify
different Kerberos credential-cache for each transfer.

I'd like to suggest adding a new option to libcurl - CURLOPT_KRB_CCACHE.
The string parameter passed will be used when authenticating with
Kerberos via GSSAPI to indicate the credential cache to use (file or
other types, see
http://web.mit.edu/kerberos/krb5-1.14/doc/basic/ccache_def.html).

I've started to implement this via MIT's credential-store extention
(gss_acquire_cred_from), see:
https://github.com/curl/curl/pull/723

(it is currently failing travis due to missing doc - symbols-in-versions)

Initially, I wanted to expose the credential-store API directly so it
could be used not only for credential-cache but for other options
(like client_keytab or for other GSSAPI mechanisms).
But it complicates the usage as the app would have to provide a list
of key-value pairs instead of a simple credential-cache string (which
I think is the most needed).
However I'm open for ideas.

Thanks and regards,
Isaac B.
-------------------------------------------------------------------
List admin: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2016-03-23