Hello, I'm trying to use gss_acquire_cred_impersonate_name() followed by gss_store_cred_into() to store impersonated creds into a ccache which I later use for calling gss_init_sec_context() on behalf of the user.
This works fine (against w2k3) but it seems that each call to gss_init_sec_context() incurs a new TGS exchange (on wire) and subsequently 'klist' shows additional entries although the target server is the same. This doesn't happen when I use regular 'kinit' to initialize the ccache (rather the first TGS seems to be reused). I was wondering if this is expected in constrained-delegation scenario or whether I might be doing something wrong (tested with 1.12.2 and 1.14-pre). Thank you, Isaac Boukris ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
