> Hi,
>
> We are observing an issue when running curl under negotiate with multiple
> principals both having the same realm (say user1/krbnet....@example.com and
> user2/krbnet....@example.com).
>
> We are using directory cache to update the cache with both the principals.
>
> kinit -kt user1/krbnet....@example.com
> kinit -kt user2/krbnet....@example.com
>
> curl library is loading only the primary credentials (here user2) in the
> Kerberos cache and working even though there are user1 and user2 credentials
> in the Kerberos cache.
>
> Is there any option in curl to specify the negotiate connection based on the
> principal?
>
> Can anybody suggest a way to work with curl if multiple Kerberos principals
> are present and both pointing to the same realm?

Hi,

this is obviously not a curl problem itself. You have two options for this:

1. Read MIT Kerberos documentation on DIR [1] and use kswitch
2. Patch curl to accept a UPN with -u michae...@company.com, import name, pass
   along to gss_init_sec_context and hope that MIT Kerberos picks that up.
   (Not tried)

Michael

[1] http://web.mit.edu/kerberos/krb5-devel/doc/basic/ccache_def.html#col-ccache
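
Option 1 from the reply above, sketched as an added example that is not part of the thread or of curl: a wrapper that makes the requested principal the collection's primary with kswitch, runs one curl request, and restores the previous primary. It assumes KRB5CCNAME already points at the DIR: collection holding both principals and that flock(1) from util-linux is installed; curl_as, current_primary and CURL_AS_LOCK are hypothetical names.

```shell
#!/bin/sh
# Added example, not code from the thread or from curl.
# Assumptions: KRB5CCNAME names the DIR: collection, both principals were
# already kinit'ed into it, and flock(1) (util-linux) is available.
# curl_as, current_primary and CURL_AS_LOCK are hypothetical names.

CURL_AS_LOCK=${CURL_AS_LOCK:-$HOME/.curl_as.lock}

# Print the collection's current primary principal (empty if none).
current_primary() {
    klist 2>/dev/null | sed -n 's/^Default principal: //p'
}

# curl_as PRINCIPAL CURL_ARGS...
curl_as() {
    [ $# -ge 2 ] || { echo "usage: curl_as PRINCIPAL CURL_ARGS..." >&2; return 2; }
    principal=$1
    shift
    (
        # kswitch changes the primary for every process sharing the
        # collection, so hold a lock across the switch and the request.
        flock 9 || exit 1
        prev=$(current_primary)
        if ! kswitch -p "$principal"; then
            echo "curl_as: no cache for $principal in the collection" >&2
            exit 1
        fi
        rc=0
        # "-u :" gives curl an empty user name, so it authenticates with
        # the credential GSS-API picks: the collection's primary cache.
        curl --negotiate -u : "$@" || rc=$?
        # Put the previous primary back so other tools see no change.
        if [ -n "$prev" ] && [ "$prev" != "$principal" ]; then
            kswitch -p "$prev" || echo "curl_as: could not restore $prev" >&2
        fi
        exit "$rc"
    ) 9>"$CURL_AS_LOCK"
}
```

The lock only protects callers that go through curl_as; any other process that runs kswitch or kinit against the same collection can still change the primary mid-request.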