Option to specify Kerberos credential-cache when used via GSSAPI

From: Isaac Boukris
Date: Wed, 23 Mar 2016 03:37:28 +0200

Hello all,

When libcurl is used in a server-side application which runs transfers
on behalf of different users, it would be useful to be able to specify
a different Kerberos credential cache for each transfer.

I'd like to suggest adding a new option to libcurl - CURLOPT_KRB_CCACHE.
The string parameter passed will be used when authenticating with
Kerberos via GSSAPI to indicate the credential cache to use (file or
other types, see

I've started to implement this via MIT's credential-store extension
(gss_acquire_cred_from), see:

(it is currently failing travis due to missing doc - symbols-in-versions)

Initially, I wanted to expose the credential-store API directly so it
could be used not only for credential-cache but for other options
(like client_keytab or for other GSSAPI mechanisms).
But it complicates the usage as the app would have to provide a list
of key-value pairs instead of a simple credential-cache string (which
I think is the most needed).
However, I'm open to ideas.

Thanks and regards,
Isaac B.
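
A server that selects a credential cache per user will usually want to vet the cache name before handing it to the GSSAPI layer. The following is an added example, not part of the original message or of libcurl: `check_file_ccache` and its result codes are hypothetical names, and it assumes only FILE-type caches on Linux are accepted.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

enum ccache_check {
    CC_OK = 0,
    CC_UNSUPPORTED_TYPE, /* any "TYPE:" prefix other than FILE: */
    CC_NOT_ABSOLUTE,     /* relative paths depend on the server's cwd */
    CC_MISSING,          /* cannot be opened */
    CC_NOT_REGULAR,      /* symlink, directory, FIFO, device */
    CC_WRONG_OWNER,      /* owned by a uid other than the expected one */
    CC_TOO_PERMISSIVE    /* any group/other permission bit is set */
};

/* Hypothetical helper: vet a ccache name such as "FILE:/run/cc/u1000"
 * for the user `owner` before it is used for a transfer. */
enum ccache_check check_file_ccache(const char *name, uid_t owner)
{
    const char *path = name;
    enum ccache_check rc = CC_OK;
    struct stat st;
    int fd;

    if (strncmp(name, "FILE:", 5) == 0)
        path = name + 5;
    else if (strchr(name, ':') != NULL)
        return CC_UNSUPPORTED_TYPE;
    if (path[0] != '/')
        return CC_NOT_ABSOLUTE;

    /* O_NOFOLLOW refuses a symlink as the last component (ELOOP on Linux);
     * fstat() then describes the object that was actually opened. */
    fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);
    if (fd < 0)
        return errno == ELOOP ? CC_NOT_REGULAR : CC_MISSING;
    if (fstat(fd, &st) != 0)
        rc = CC_MISSING;
    else if (!S_ISREG(st.st_mode))
        rc = CC_NOT_REGULAR;
    else if (st.st_uid != owner)
        rc = CC_WRONG_OWNER;
    else if (st.st_mode & (S_IRWXG | S_IRWXO))
        rc = CC_TOO_PERMISSIVE;
    close(fd);
    return rc;
}
```

The check does not lock the path: the GSSAPI library reopens it by name later, so the directory holding the caches should itself be writable only by the service.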
