"Imanuel Greenfeld" <imanuel.greenfe...@ntlworld.com> writes:
> I have 2 domains which there is no trust between them. > > I'm running a process on Domain 1. This needs to submit HTTP rest > request to Domain 2 which the KDC is also on the same domain > (i.e. domain 2). What does "domain" mean here? Do you have two realms (A and B), with two machines (machine_a in A, and machine_b in B), and two services (service_a on machine_a, and service_b on machine_b)? > I have keytab (for the service account on Domain 2) and kerb5.conf > with the details of the two realms. So if I understand correctly: on machine_b, you have a keytab for service_b. And krb5.conf knows the KDCs and such for both A and B. > I found a way to incorporate the keytab into the HTTP request in Java but > not in C/C++. I lose you here. It sounds like you're sending the keytab as part of the HTTP request? I'm not overly familiar with the Java bindings, but this isn't something one really wants to be doing in Kerberos. > I know there are functions such as krb5_get_init_creds_keytab but I do > not know how to achieve the same in C/C++ (as I did in Java). So when > I have the keytab, how do I incorporate this to the HTTP header ? You shouldn't be passing credentials around for security reasons, and you shouldn't be putting thins of variable length in headers. What is the actual, higher level thing you are trying to accomplish? Thanks, --Robbie
signature.asc
Description: PGP signature
________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
