BC-SNC, MIT Kerberos V, SSO, GSS-API v2

Barbat, Calin c.barbat at osram.de
Fri Aug 13 05:37:16 EDT 2004


Hello everybody,

I need help with Single Sign-On for SAPguis running on Windows clients to an SAP Application Server 4.6C running on a Linux SLES server with authentification against an Active Directory provided by a Windows 2000 Server.

In the following I'll describe how far I got, so the specialists can help with the remaining things to do.

I'm trying now to get the actual Kerberos implementation (release 1.3.1) from MIT to work with our SAP Application Server 4.6C. 
Could it be that I need an older release? If so, which one and where can I get it?

As I understand, the libgssapi_krb5.so library has to be tested for interoperability with a tool named gsstest, which is provided for free by SAP.

I compiled, installed and configured Kerberos on the Linux AS and got a logon ticket from the Win2k KDC by logging in on the Linux prompt using:

  kinit C.Barbat

This ticket is shown by: 

  klist

Then I issued:

  gsstest-1.27/gsstest -l /usr/local/lib/libgssapi_krb5.so -d 4 -p kerberos_test.log

This should test the library libgssapi_krb5.so with the most verbose output to kerberos_test.log.

This file reads as follows:


  **************************************************************************
  ***                                                                    ***
  ***  "gsstest" -- GSS-API v2  Shared Library API Test Program          ***
  ***                                                                    ***
  ***  Version 1.27   11-Apr-2003                                        ***
  ***                                                                    ***
  ***  This implementation is Copyright (c), 1998  SAP AG Walldorf       ***
  ***                                                                    ***
  **************************************************************************
  ***      This tool may be freely used to test functionality and        ***
  ***      robustness of GSS-API v2 mechanism implemenations             ***
  **************************************************************************
  *** THIS SOFTWARE IS PROVIDED BY SAP AG ``AS IS'' AND ANY EXPRESSED    ***
  *** OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE          ***
  *** IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ***
  *** PURPOSE ARE DISCLAIMED. SAP AG SHALL BE LIABLE FOR ANY DAMAGES     ***
  *** ARISING OUT OF THE USE OF THIS SOFTWARE ONLY IF CAUSED BY SAP AG'S ***
  *** INTENT OR GROSS NEGLIGENCE. IN CASE SAP AG IS LIABLE UNDER THIS    ***
  *** AGREEMENT FOR DAMAGES CAUSED BY SAP AG'S GROSS NEGLIGENCE SAP AG   ***
  *** FURTHER SHALL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, ***
  *** EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,***
  *** PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,    ***
  *** OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY    ***
  *** THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,        ***
  *** OR TORT, AND SHALL NOT BE LIABLE IN EXCESS OF THE AMOUNT OF        ***
  *** DAMAGES TYPICALLY FORESEEABLE FOR SAP AG, WHICH SHALL IN NO EVENT  ***
  *** EXCEED US$ 500.000.-                                               ***
  **************************************************************************

Timer resolution of gettimeofday() is (at least)      0.001 millisec
1 second passed in   1000.000 millisec.

=====================================================================
  Current Date&Time :  Fri, 13-Aug-2004   08:55:05   GMT +00:00
  Operating System  :  Linux
          -Release  :  2.4.21-190-smp
  Hardware/Machine  :  i686
  scalar C-types    :  void* ptrdiff_t size_t time_t long int wchar_t char
    (sizes in bits) :    32     32s      32u    32s   32s 32s   32s    8u
  Endianess, Charset:  1234 (LITTLE_ENDIAN),  ASCII charset
  Perf-Index (p-90) :  dbg= 7.40   (opt= 3.80)
  Timer Resolution  :  0.001 millisec using "gettimeofday()"
  Hostname          :  app-r3-portal
  Current user      :  cb
=====================================================================

Loading GSS-API shared library #1 "/usr/local/lib/libgssapi_krb5.so" ...

  Resolving SAP SNC-Adapter functions ...
    GSS-API v2  "sapsnc_init_adapter"                  (  opt.   )   (missing)
    GSS-API v2  "sapsnc_export_cname_blob"             (  opt.   )   (missing)
    GSS-API v2  "sapsnc_import_cname_blob"             (  opt.   )   (missing)
  Resolving Misc Support functions ...
    GSS-API v1  "gss_indicate_mechs"                   (REQUIRED )    ok.
    GSS-API v1  "gss_display_status"                   (REQUIRED )    ok.
    GSS-API v1  "gss_release_buffer"                   (REQUIRED )    ok.
    GSS-API v1  "gss_release_oid_set"                  (REQUIRED )    ok.
    GSS-API v2  "gss_inquire_names_for_mech"           (requested)    ok.
    GSS-API v2  "gss_create_empty_oid_set"             (  opt.   )    ok.
    GSS-API v2  "gss_add_oid_set_member"               (  opt.   )    ok.
    GSS-API v2  "gss_test_oid_set_member"              (  opt.   )    ok.
  Resolving Names management functions ...
    GSS-API v1  "gss_compare_name"                     (REQUIRED )    ok.
    GSS-API v1  "gss_display_name"                     (REQUIRED )    ok.
    GSS-API v1  "gss_import_name"                      (REQUIRED )    ok.
    GSS-API v1  "gss_release_name"                     (REQUIRED )    ok.
    GSS-API v2  "gss_canonicalize_name"                (requested)    ok.
    GSS-API v2  "gss_export_name"                      (requested)    ok.
    GSS-API v2  "gss_duplicate_name"                   (  opt.   )    ok.
    GSS-API v2  "gss_inquire_mechs_for_name"           (  opt.   )   (missing)
  Resolving Credentials management functions ...
    GSS-API v1  "gss_acquire_cred"                     (REQUIRED )    ok.
    GSS-API v1  "gss_release_cred"                     (REQUIRED )    ok.
    GSS-API v1  "gss_inquire_cred"                     (REQUIRED )    ok.
    GSS-API v2  "gss_inquire_cred_by_mech"             (requested)    ok.
    GSS-API v2  "gss_add_cred"                         (  opt.   )    ok.
  Resolving Context-level functions ...
    GSS-API v1  "gss_init_sec_context"                 (REQUIRED )    ok.
    GSS-API v1  "gss_accept_sec_context"               (REQUIRED )    ok.
    GSS-API v1  "gss_delete_sec_context"               (REQUIRED )    ok.
    GSS-API v1  "gss_context_time"                     (REQUIRED )    ok.
    GSS-API v2  "gss_inquire_context"                  (REQUIRED )    ok.
    GSS-API v2  "gss_export_sec_context"               (requested)    ok.
    GSS-API v2  "gss_import_sec_context"               (requested)    ok.
    GSS-API v2  "gss_wrap_size_limit"                  (requested)    ok.
    GSS-API v1  "gss_process_context_token"            (  opt.   )    ok.
  Resolving V2 message protection functions ...
    GSS-API v2  "gss_get_mic"                          (REQUIRED )    ok.
    GSS-API v2  "gss_verify_mic"                       (REQUIRED )    ok.
    GSS-API v2  "gss_wrap"                             (REQUIRED )    ok.
    GSS-API v2  "gss_unwrap"                           (REQUIRED )    ok.

INcomplete GSS-API v2 implementation.
At least one of the "optional" calls is missing

Loading of GSS-API shared library completed.


Status:  gss_indicate_mechs() == (GSS_S_COMPLETE)
  mech_list from gss_indicate_mechs() contains 2 gss_OID elements:
  {
    [ 0] = {1 2 840 113554 1 2 2}         MECH= Kerberos 5 (v2 - rfc1964)
    [ 1] = {1 3 5 1 5 2}                  MECH= Kerberos 5 (PRE-rfc1964)
  }
SNC will recognize this mechanism OID and force this selection ---
  Selecting mechanism (1) from GSS shared library #1:
      {1 3 5 1 5 2}                       MECH= Kerberos 5 (PRE-rfc1964)

====================

Checking supported nametypes via gss_inquire_names_for_mech()
Status:  gss_inquire_names_for_mech() == (GSS_S_COMPLETE)

====================
Testing generic gssapi functions ...
----------
TEST: passing mech_list from indicate_mechs() to release_oid_set()
Status:  gss_indicate_mechs() == (GSS_S_COMPLETE)
Status:  gss_release_oid_set() == (GSS_S_COMPLETE)
RESULT  OK
-------
TEST: passing name_types from inquire_names_for_mech() to release_oid_set()
Status:  gss_inquire_names_for_mech() == (GSS_S_COMPLETE)
  name_types contains 8 gss_OID elements:
  {
    [ 0] = {1 2 840 113554 1 2 1 1}         NT= GSS_C_NT_USER_NAME
    [ 1] = {1 2 840 113554 1 2 1 2}         NT= GSS_C_NT_MACHINE_UID_NAME
    [ 2] = {1 2 840 113554 1 2 1 3}         NT= GSS_C_NT_STRING_UID_NAME
    [ 3] = {1 2 840 113554 1 2 1 4}         NT= GSS_C_NT_HOSTBASED_SERVICE
    [ 4] = {1 3 6 1 5 6 2}                  NT= (GSS_C_NT_HOSTBASED_SERVICE_X)
    [ 5] = {1 3 6 1 5 6 4}                  NT= GSS_C_NT_EXPORTED_NAME
    [ 6] = {1 2 840 113554 1 2 2 1}         NT= GSS_KRB5_NT_PRINCIPAL_NAME
    [ 7] = {1 2 840 113554 1 2 2 2}         NT= Huh? This is not in rfc1964!
  }
Status:  gss_release_oid_set() == (GSS_S_COMPLETE)
RESULT  OK
-------
====================
Testing credentials management functions ...
----------
TEST: *default* initiating credentials (acquire_cred default mechs)
Status:  gss_acquire_cred Ini() == (GSS_S_COMPLETE)
Status:  gss_inquire_cred Ini() == (GSS_S_COMPLETE)
RESULT  OK
-------
  actual_mechs from gss_acquire_cred() contains 2 gss_OID elements:
  {
    [ 0] = {1 3 5 1 5 2}                  MECH= Kerberos 5 (PRE-rfc1964)
    [ 1] = {1 2 840 113554 1 2 2}         MECH= Kerberos 5 (v2 - rfc1964)
  }
Status:  gss_display_name() == (GSS_S_COMPLETE)
----------
TEST: *default* initiating credentials (acquire_cred specific mechs)
Status:  gss_acquire_cred Ini() == (GSS_S_COMPLETE)
Status:  gss_inquire_cred Ini() == (GSS_S_COMPLETE)
Status:  gss_compare_name() == (GSS_S_COMPLETE)
RESULT  OK
-------
TEST: *default* initiating credentials (inquire_cred only)
Status:  gss_inquire_cred Ini() == (GSS_S_COMPLETE)
Status:  gss_compare_name() == (GSS_S_COMPLETE)
RESULT  OK
-------
TEST: named default initiating credentials (acquire_cred with name)
Status:  gss_acquire_cred Ini() == (GSS_S_COMPLETE)
Status:  gss_inquire_cred Ini() == (GSS_S_COMPLETE)
Status:  gss_compare_name() == (GSS_S_COMPLETE)
RESULT  OK
-------
TEST: acquire_cred and inquire_cred with NO optional parameters
Status:  gss_acquire_cred Ini() == (GSS_S_COMPLETE)
Status:  gss_inquire_cred Ini() == (GSS_S_COMPLETE)
RESULT  OK
-------
Status:  gss_release_cred() == (GSS_S_COMPLETE)
Status:  gss_release_cred() == (GSS_S_COMPLETE)
Status:  gss_release_cred() == (GSS_S_COMPLETE)
Status:  gss_release_cred() == (GSS_S_COMPLETE)
Status:  gss_release_name() == (GSS_S_COMPLETE)
Status:  gss_release_name() == (GSS_S_COMPLETE)
Status:  gss_release_name() == (GSS_S_COMPLETE)
Status:  gss_release_oid_set() == (GSS_S_COMPLETE)
Status:  gss_release_oid_set() == (GSS_S_COMPLETE)
Status:  gss_release_oid_set() == (GSS_S_COMPLETE)
Status:  gss_release_oid_set() == (GSS_S_COMPLETE)
Status:  gss_release_oid_set() == (GSS_S_COMPLETE)
Status:  gss_release_oid_set() == (GSS_S_COMPLETE)
Status:  gss_release_oid_set() == (GSS_S_COMPLETE)
  My own name/identity (from default creds) resolves to
    "C.Barbat at OSRAM.DE"
  Nametype oid = {1 2 840 113554 1 2 2 1}         NT= GSS_KRB5_NT_PRINCIPAL_NAME

TEST: Examining the exported name framing
Status:  gss_canonicalize_name() == (GSS_S_COMPLETE)
Status:  gss_export_name() == (GSS_S_COMPLETE)
  exported name buffer = { length= 36, value= ptr:0x8082f20 }
   00000: 04 01 00 0b 06 09 2a 86  48 86 f7 12 01 02 02 00   ......*. H.......
   00010: 00 00 11 43 2e 42 61 72  62 61 74 40 4f 53 52 41   ...C.Bar bat at OSRA
   00020: 4d 2e 44 45                                        M.DE
  Framing details for exported name (Section 3.2, GSS-API v2 spec):
    TOK_ID            :   00000: 04 01
    MECH_OID_LEN = 11 :   00002: 00 0b
        OID tag       :   00004: 06
        OID len =   9 :   00005: 09
        OID elements  :   00006: 2a 86 48 86 f7 12 01 02  02
          = {1 2 840 113554 1 2 2}         MECH= Kerberos 5 (v2 - rfc1964)
    NAME_LEN   =   17 :   0000f: 00 00 00 11
    NAME              :   00013: 43 2e 42 61 72 62 61 74   C.Barbat
                          0001b: 40 4f 53 52 41 4d 2e 44   @OSRAM.D
                          00023: 45                        E
Status:  gss_release_name() == (GSS_S_COMPLETE)
Status:  gss_release_buffer() == (GSS_S_COMPLETE)
RESULT  OK
-------

  Since you didn't give me a target name, I'll try to talk to myself!

TEST: acquiring *default* initiating credentials (simple)
Status:  gss_acquire_cred Ini() == (GSS_S_COMPLETE)
RESULT  OK
-------
TEST: acquiring *default* initiating credentials (query)
Status:  gss_acquire_cred Ini() == (GSS_S_COMPLETE)
Status:  gss_inquire_cred Ini() == (GSS_S_COMPLETE)
Status:  gss_canonicalize_name() == (GSS_S_COMPLETE)
Status:  gss_export_name() == (GSS_S_COMPLETE)
  exported name buffer = { length= 36, value= ptr:0x8082cf8 }
   00000: 04 01 00 0b 06 09 2a 86  48 86 f7 12 01 02 02 00   ......*. H.......
   00010: 00 00 11 43 2e 42 61 72  62 61 74 40 4f 53 52 41   ...C.Bar bat at OSRA
   00020: 4d 2e 44 45                                        M.DE
Status:  gss_display_name() == (GSS_S_COMPLETE)
        gss_display_name() returned "C.Barbat at OSRAM.DE"
  printable name buffer = { length= 17, value= ptr:0x8082998 }
   00000: 43 2e 42 61 72 62 61 74  40 4f 53 52 41 4d 2e 44   C.Barbat @OSRAM.D
   00010: 45                                                 E
Status:  gss_release_buffer() == (GSS_S_COMPLETE)
Status:  gss_release_buffer() == (GSS_S_COMPLETE)
Status:  gss_release_name() == (GSS_S_COMPLETE)
  input name buffer = { length= 36, value= ptr:0x8083538 }
   00000: 04 01 00 0b 06 09 2a 86  48 86 f7 12 01 02 02 00   ......*. H.......
   00010: 00 00 11 43 2e 42 61 72  62 61 74 40 4f 53 52 41   ...C.Bar bat at OSRA
   00020: 4d 2e 44 45                                        M.DE
  nametype oid = {1 3 6 1 5 6 4}                  NT= GSS_C_NT_EXPORTED_NAME
Status:  gss_import_name() == (GSS_S_COMPLETE)
Status:  gss_display_name() == (GSS_S_COMPLETE)
        gss_display_name() returned "C.Barbat at OSRAM.DE"
  printable name buffer = { length= 17, value= ptr:0x8082d30 }
   00000: 43 2e 42 61 72 62 61 74  40 4f 53 52 41 4d 2e 44   C.Barbat @OSRAM.D
   00010: 45                                                 E
    newly imported = "C.Barbat at OSRAM.DE"
Status:  gss_release_buffer() == (GSS_S_COMPLETE)
Status:  gss_canonicalize_name() == (GSS_S_COMPLETE)
Status:  gss_release_name() == (GSS_S_COMPLETE)
Status:  gss_compare_name() == (GSS_S_COMPLETE)
Name transformation: compare_name(src_name,dst_name)==TRUE
Status:  gss_release_cred() == (GSS_S_COMPLETE)
Status:  gss_release_name() == (GSS_S_COMPLETE)
Status:  gss_acquire_cred Ini() == (GSS_S_COMPLETE)
Status:  gss_release_name() == (GSS_S_COMPLETE)
RESULT  OK
-------
TEST: acquiring initiating credentials (gss_name_t)
Status:  gss_acquire_cred Ini() == (GSS_S_COMPLETE)
RESULT  OK
-------
TEST: acquiring initiating credentials (printable name)
  input name buffer = { length= 17, value= ptr:0x8082a68 }
   00000: 43 2e 42 61 72 62 61 74  40 4f 53 52 41 4d 2e 44   C.Barbat @OSRAM.D
   00010: 45                                                 E
  nametype oid = {1 2 840 113554 1 2 2 1}         NT= GSS_KRB5_NT_PRINCIPAL_NAME
Status:  gss_import_name() == (GSS_S_COMPLETE)
Status:  gss_display_name() == (GSS_S_COMPLETE)
        gss_display_name() returned "C.Barbat at OSRAM.DE"
  printable name buffer = { length= 17, value= ptr:0x8082958 }
   00000: 43 2e 42 61 72 62 61 74  40 4f 53 52 41 4d 2e 44   C.Barbat @OSRAM.D
   00010: 45                                                 E
    newly imported = "C.Barbat at OSRAM.DE"
Status:  gss_release_buffer() == (GSS_S_COMPLETE)
Status:  gss_acquire_cred Ini() == (GSS_S_COMPLETE)
Status:  gss_release_name() == (GSS_S_COMPLETE)
RESULT  OK
-------
TEST: acquiring initiating credentials (can. printable name)
  input name buffer = { length= 17, value= ptr:0x8082a68 }
   00000: 43 2e 42 61 72 62 61 74  40 4f 53 52 41 4d 2e 44   C.Barbat @OSRAM.D
   00010: 45                                                 E
  nametype oid = {1 2 840 113554 1 2 2 1}         NT= GSS_KRB5_NT_PRINCIPAL_NAME
Status:  gss_import_name() == (GSS_S_COMPLETE)
Status:  gss_display_name() == (GSS_S_COMPLETE)
        gss_display_name() returned "C.Barbat at OSRAM.DE"
  printable name buffer = { length= 17, value= ptr:0x8083210 }
   00000: 43 2e 42 61 72 62 61 74  40 4f 53 52 41 4d 2e 44   C.Barbat @OSRAM.D
   00010: 45                                                 E
    newly imported = "C.Barbat at OSRAM.DE"
Status:  gss_release_buffer() == (GSS_S_COMPLETE)
Status:  gss_canonicalize_name() == (GSS_S_COMPLETE)
Status:  gss_export_name() == (GSS_S_COMPLETE)
  exported name buffer = { length= 36, value= ptr:0x8083538 }
   00000: 04 01 00 0b 06 09 2a 86  48 86 f7 12 01 02 02 00   ......*. H.......
   00010: 00 00 11 43 2e 42 61 72  62 61 74 40 4f 53 52 41   ...C.Bar bat at OSRA
   00020: 4d 2e 44 45                                        M.DE
Status:  gss_display_name() == (GSS_S_COMPLETE)
        gss_display_name() returned "C.Barbat at OSRAM.DE"
  printable name buffer = { length= 17, value= ptr:0x8083688 }
   00000: 43 2e 42 61 72 62 61 74  40 4f 53 52 41 4d 2e 44   C.Barbat @OSRAM.D
   00010: 45                                                 E
Status:  gss_release_buffer() == (GSS_S_COMPLETE)
Status:  gss_release_buffer() == (GSS_S_COMPLETE)
Status:  gss_release_name() == (GSS_S_COMPLETE)
  input name buffer = { length= 36, value= ptr:0x8083560 }
   00000: 04 01 00 0b 06 09 2a 86  48 86 f7 12 01 02 02 00   ......*. H.......
   00010: 00 00 11 43 2e 42 61 72  62 61 74 40 4f 53 52 41   ...C.Bar bat at OSRA
   00020: 4d 2e 44 45                                        M.DE
  nametype oid = {1 3 6 1 5 6 4}                  NT= GSS_C_NT_EXPORTED_NAME
Status:  gss_import_name() == (GSS_S_COMPLETE)
Status:  gss_display_name() == (GSS_S_COMPLETE)
        gss_display_name() returned "C.Barbat at OSRAM.DE"
  printable name buffer = { length= 17, value= ptr:0x8083108 }
   00000: 43 2e 42 61 72 62 61 74  40 4f 53 52 41 4d 2e 44   C.Barbat @OSRAM.D
   00010: 45                                                 E
    newly imported = "C.Barbat at OSRAM.DE"
Status:  gss_release_buffer() == (GSS_S_COMPLETE)
Status:  gss_canonicalize_name() == (GSS_S_COMPLETE)
Status:  gss_release_name() == (GSS_S_COMPLETE)
Status:  gss_compare_name() == (GSS_S_COMPLETE)
Name transformation: compare_name(src_name,dst_name)==TRUE
Status:  gss_release_name() == (GSS_S_COMPLETE)
Status:  gss_acquire_cred Ini() == (GSS_S_COMPLETE)
Status:  gss_release_name() == (GSS_S_COMPLETE)
RESULT  OK
-------
TEST: acquiring accepting credentials for target (printable name)
  for identity "C.Barbat at OSRAM.DE"
  input name buffer = { length= 17, value= ptr:0x8082b80 }
   00000: 43 2e 42 61 72 62 61 74  40 4f 53 52 41 4d 2e 44   C.Barbat @OSRAM.D
   00010: 45                                                 E
  nametype oid = {1 2 840 113554 1 2 2 1}         NT= GSS_KRB5_NT_PRINCIPAL_NAME
Status:  gss_import_name() == (GSS_S_COMPLETE)
Status:  gss_display_name() == (GSS_S_COMPLETE)
        gss_display_name() returned "C.Barbat at OSRAM.DE"
  printable name buffer = { length= 17, value= ptr:0x80835a0 }
   00000: 43 2e 42 61 72 62 61 74  40 4f 53 52 41 4d 2e 44   C.Barbat @OSRAM.D
   00010: 45                                                 E
    newly imported = "C.Barbat at OSRAM.DE"
Status:  gss_release_buffer() == (GSS_S_COMPLETE)
Status:  gss_acquire_cred Acc() == (GSS_S_FAILURE)
         gss_display_status(0x000d0000,GSS_S_GSS_CODE) =
Status:  gss_display_status() == (GSS_S_COMPLETE)
           "Miscellaneous failure"
         gss_display_status(0x00000002,GSS_S_MECH_CODE) =
Status:  gss_display_status() == (GSS_S_COMPLETE)
           "No such file or directory"
Status:  gss_release_name() == (GSS_S_COMPLETE)
RESULT  NOT ok (rc=1)
-------
TEST: acquiring accepting credentials for target (can. printable name)
  input name buffer = { length= 17, value= ptr:0x8082b80 }
   00000: 43 2e 42 61 72 62 61 74  40 4f 53 52 41 4d 2e 44   C.Barbat @OSRAM.D
   00010: 45                                                 E
  nametype oid = {1 2 840 113554 1 2 2 1}         NT= GSS_KRB5_NT_PRINCIPAL_NAME
Status:  gss_import_name() == (GSS_S_COMPLETE)
Status:  gss_display_name() == (GSS_S_COMPLETE)
        gss_display_name() returned "C.Barbat at OSRAM.DE"
  printable name buffer = { length= 17, value= ptr:0x80835c0 }
   00000: 43 2e 42 61 72 62 61 74  40 4f 53 52 41 4d 2e 44   C.Barbat @OSRAM.D
   00010: 45                                                 E
    newly imported = "C.Barbat at OSRAM.DE"
Status:  gss_release_buffer() == (GSS_S_COMPLETE)
Status:  gss_canonicalize_name() == (GSS_S_COMPLETE)
Status:  gss_export_name() == (GSS_S_COMPLETE)
  exported name buffer = { length= 36, value= ptr:0x8083620 }
   00000: 04 01 00 0b 06 09 2a 86  48 86 f7 12 01 02 02 00   ......*. H.......
   00010: 00 00 11 43 2e 42 61 72  62 61 74 40 4f 53 52 41   ...C.Bar bat at OSRA
   00020: 4d 2e 44 45                                        M.DE
Status:  gss_display_name() == (GSS_S_COMPLETE)
        gss_display_name() returned "C.Barbat at OSRAM.DE"
  printable name buffer = { length= 17, value= ptr:0x8083770 }
   00000: 43 2e 42 61 72 62 61 74  40 4f 53 52 41 4d 2e 44   C.Barbat @OSRAM.D
   00010: 45                                                 E
Status:  gss_release_buffer() == (GSS_S_COMPLETE)
Status:  gss_release_buffer() == (GSS_S_COMPLETE)
Status:  gss_release_name() == (GSS_S_COMPLETE)
  input name buffer = { length= 36, value= ptr:0x8083648 }
   00000: 04 01 00 0b 06 09 2a 86  48 86 f7 12 01 02 02 00   ......*. H.......
   00010: 00 00 11 43 2e 42 61 72  62 61 74 40 4f 53 52 41   ...C.Bar bat at OSRA
   00020: 4d 2e 44 45                                        M.DE
  nametype oid = {1 3 6 1 5 6 4}                  NT= GSS_C_NT_EXPORTED_NAME
Status:  gss_import_name() == (GSS_S_COMPLETE)
Status:  gss_display_name() == (GSS_S_COMPLETE)
        gss_display_name() returned "C.Barbat at OSRAM.DE"
  printable name buffer = { length= 17, value= ptr:0x80835d0 }
   00000: 43 2e 42 61 72 62 61 74  40 4f 53 52 41 4d 2e 44   C.Barbat @OSRAM.D
   00010: 45                                                 E
    newly imported = "C.Barbat at OSRAM.DE"
Status:  gss_release_buffer() == (GSS_S_COMPLETE)
Status:  gss_canonicalize_name() == (GSS_S_COMPLETE)
Status:  gss_release_name() == (GSS_S_COMPLETE)
Status:  gss_compare_name() == (GSS_S_COMPLETE)
Name transformation: compare_name(src_name,dst_name)==TRUE
Status:  gss_release_name() == (GSS_S_COMPLETE)
Status:  gss_acquire_cred Acc() == (GSS_S_FAILURE)
         gss_display_status(0x000d0000,GSS_S_GSS_CODE) =
Status:  gss_display_status() == (GSS_S_COMPLETE)
           "Miscellaneous failure"
         gss_display_status(0x00000002,GSS_S_MECH_CODE) =
Status:  gss_display_status() == (GSS_S_COMPLETE)
           "No such file or directory"
Status:  gss_release_name() == (GSS_S_COMPLETE)
RESULT  NOT ok (rc=1)
-------
TEST: acquiring *default* accepting credentials (simple)
Status:  gss_acquire_cred Acc() == (GSS_S_COMPLETE)
Status:  gss_inquire_cred Acc() == (GSS_S_COMPLETE)

Now I need your help. What could I do next, in order to understand what went wrong and how to correct it?

Any help or hint is greatly appreciated.

C. Barbat




More information about the Kerberos mailing list