0

I need to mount a smb/cifs file share using a service ticket obtained via S4U2Proxy (resource-based constrained delegation). I think I can do all the steps in Java except for creating the credential cache with the service ticket in it (which mount.cifs could then use).

I've seen some questions on SO already about writing a credential cache from Java and it looks like it can't be done. Any ideas to the contrary?

Alternatively, what's a language & library to do the S2U4Proxy in that can write a credential cache? It has to run on Linux.

Chris
  • 4,734
  • 2
  • 19
  • 26
  • AFAIK the C implementation of Kerberos stores service tickets in the same cache as the TGT -- e.g. `curl` and Python should both read/write in the cache. But the Java implementation considers service tickets as _private_ and volatile creds, hence it does not use the cache, by design. – Samson Scharfrichter Jul 01 '18 at 14:19
  • BTW there are no _"certificates"_ in Kerberos. Just temporary "tickets" used as credentials. – Samson Scharfrichter Jul 01 '18 at 14:21
  • Thanks, I fixed the question to refer to "credential cache", instead (since that's what the Kerberos API uses). – Chris Jul 05 '18 at 19:22

0 Answers0