Core Dump with gsstest-1.26 and krb5-1.4.2
Christoph Weizen
cwei at gmx.net
Wed Sep 21 15:48:23 EDT 2005
Oh, dear.
I found a brilliant howto from Calin Barbat. There he points out to
"kinit -k -t user.keytab user/domain/DOMAIN".
I just done a "kinit user".
So, when following Calin's command, worse output from gsstest are gone.
All is left is now: "FAILED to clear minor_status!"
**************************************************************************
***
***
*** "gsstest" -- GSS-API v2 Shared Library API Test Program
***
***
***
*** Version 1.26 03-Sep-2002
***
***
***
*** This implementation is Copyright (c), 1998 SAP AG Walldorf
***
***
***
**************************************************************************
*** This tool may be freely used to test functionality and
***
*** robustness of GSS-API v2 mechanism implemenations
***
**************************************************************************
*** THIS SOFTWARE IS PROVIDED BY SAP AG ``AS IS'' AND ANY EXPRESSED
***
*** OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
***
*** IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
PARTICULAR ***
*** PURPOSE ARE DISCLAIMED. SAP AG SHALL BE LIABLE FOR ANY DAMAGES
***
*** ARISING OUT OF THE USE OF THIS SOFTWARE ONLY IF CAUSED BY SAP
AG'S ***
*** INTENT OR GROSS NEGLIGENCE. IN CASE SAP AG IS LIABLE UNDER THIS
***
*** AGREEMENT FOR DAMAGES CAUSED BY SAP AG'S GROSS NEGLIGENCE SAP AG
***
*** FURTHER SHALL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL,
SPECIAL, ***
*** EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
TO,***
*** PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
***
*** OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
***
*** THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
***
*** OR TORT, AND SHALL NOT BE LIABLE IN EXCESS OF THE AMOUNT OF
***
*** DAMAGES TYPICALLY FORESEEABLE FOR SAP AG, WHICH SHALL IN NO EVENT
***
*** EXCEED US$ 500.000.-
***
**************************************************************************
Timer resolution of gettimeofday() is (at least) 0.001 millisec
1 second passed in 1000.000 millisec.
=====================================================================
Current Date&Time : Wed, 21-Sep-2005 21:37:03 GMT -02:00
Operating System : Linux
-Release : 2.6.5-7.191-pseries64
Hardware/Machine : ppc64
scalar C-types : void* ptrdiff_t size_t time_t long int wchar_t char
(sizes in bits) : 32 32s 32u 32s 32s 32s 32s 8u
Perf-Index (p-90) : dbg= 6.80 (opt= 3.60)
Timer Resolution : 0.001 millisec using "gettimeofday()"
Hostname : rliss002
Current user : root
=====================================================================
Loading GSS-API shared library #1 "/usr/local/lib/libgssapi_krb5.so" ...
Resolving SAP SNC-Adapter functions ...
GSS-API v2 "sapsnc_init_adapter" ( opt. )
(missing)
GSS-API v2 "sapsnc_export_cname_blob" ( opt. )
(missing)
GSS-API v2 "sapsnc_import_cname_blob" ( opt. )
(missing)
Resolving Misc Support functions ...
GSS-API v1 "gss_indicate_mechs" (REQUIRED ) ok.
GSS-API v1 "gss_display_status" (REQUIRED ) ok.
GSS-API v1 "gss_release_buffer" (REQUIRED ) ok.
GSS-API v1 "gss_release_oid_set" (REQUIRED ) ok.
GSS-API v2 "gss_inquire_names_for_mech" (requested) ok.
GSS-API v2 "gss_create_empty_oid_set" ( opt. ) ok.
GSS-API v2 "gss_add_oid_set_member" ( opt. ) ok.
GSS-API v2 "gss_test_oid_set_member" ( opt. ) ok.
Resolving Names management functions ...
GSS-API v1 "gss_compare_name" (REQUIRED ) ok.
GSS-API v1 "gss_display_name" (REQUIRED ) ok.
GSS-API v1 "gss_import_name" (REQUIRED ) ok.
GSS-API v1 "gss_release_name" (REQUIRED ) ok.
GSS-API v2 "gss_canonicalize_name" (requested) ok.
GSS-API v2 "gss_export_name" (requested) ok.
GSS-API v2 "gss_duplicate_name" ( opt. ) ok.
GSS-API v2 "gss_inquire_mechs_for_name" ( opt. )
(missing)
Resolving Credentials management functions ...
GSS-API v1 "gss_acquire_cred" (REQUIRED ) ok.
GSS-API v1 "gss_release_cred" (REQUIRED ) ok.
GSS-API v1 "gss_inquire_cred" (REQUIRED ) ok.
GSS-API v2 "gss_inquire_cred_by_mech" (requested) ok.
GSS-API v2 "gss_add_cred" ( opt. ) ok.
Resolving Context-level functions ...
GSS-API v1 "gss_init_sec_context" (REQUIRED ) ok.
GSS-API v1 "gss_accept_sec_context" (REQUIRED ) ok.
GSS-API v1 "gss_delete_sec_context" (REQUIRED ) ok.
GSS-API v1 "gss_context_time" (REQUIRED ) ok.
GSS-API v2 "gss_inquire_context" (REQUIRED ) ok.
GSS-API v2 "gss_export_sec_context" (requested) ok.
GSS-API v2 "gss_import_sec_context" (requested) ok.
GSS-API v2 "gss_wrap_size_limit" (requested) ok.
GSS-API v1 "gss_process_context_token" ( opt. ) ok.
Resolving V2 message protection functions ...
GSS-API v2 "gss_get_mic" (REQUIRED ) ok.
GSS-API v2 "gss_verify_mic" (REQUIRED ) ok.
GSS-API v2 "gss_wrap" (REQUIRED ) ok.
GSS-API v2 "gss_unwrap" (REQUIRED ) ok.
INcomplete GSS-API v2 implementation.
At least one of the "optional" calls is missing
Loading of GSS-API shared library completed.
Status: gss_indicate_mechs() == (GSS_S_COMPLETE)
mech_list from gss_indicate_mechs() contains 2 gss_OID elements:
{
[ 0] = {1 2 840 113554 1 2 2} MECH= Kerberos 5 (v2 - rfc1964)
[ 1] = {1 3 5 1 5 2} MECH= Kerberos 5 (PRE-rfc1964)
}
SNC will recognize this mechanism OID and force this selection ---
Selecting mechanism (1) from GSS shared library #1:
{1 3 5 1 5 2} MECH= Kerberos 5 (PRE-rfc1964)
====================
Checking supported nametypes via gss_inquire_names_for_mech()
Status: gss_inquire_names_for_mech() == (GSS_S_COMPLETE)
====================
Testing generic gssapi functions ...
----------
TEST: passing mech_list from indicate_mechs() to release_oid_set()
Status: gss_indicate_mechs() == (GSS_S_COMPLETE)
Status: gss_release_oid_set() == (GSS_S_COMPLETE)
RESULT OK
-------
TEST: passing name_types from inquire_names_for_mech() to release_oid_set()
Status: gss_inquire_names_for_mech() == (GSS_S_COMPLETE)
name_types contains 8 gss_OID elements:
{
[ 0] = {1 2 840 113554 1 2 1 1} NT= GSS_C_NT_USER_NAME
[ 1] = {1 2 840 113554 1 2 1 2} NT= GSS_C_NT_MACHINE_UID_NAME
[ 2] = {1 2 840 113554 1 2 1 3} NT= GSS_C_NT_STRING_UID_NAME
[ 3] = {1 2 840 113554 1 2 1 4} NT= GSS_C_NT_HOSTBASED_SERVICE
[ 4] = {1 3 6 1 5 6 2} NT=
(GSS_C_NT_HOSTBASED_SERVICE_X)
[ 5] = {1 3 6 1 5 6 4} NT= GSS_C_NT_EXPORTED_NAME
[ 6] = {1 2 840 113554 1 2 2 1} NT= GSS_KRB5_NT_PRINCIPAL_NAME
[ 7] = {1 2 840 113554 1 2 2 2} NT= Huh? This is not in
rfc1964!
}
Status: gss_release_oid_set() == (GSS_S_COMPLETE)
RESULT OK
-------
====================
Testing credentials management functions ...
----------
TEST: *default* initiating credentials (acquire_cred default mechs)
Status: gss_acquire_cred Ini() == (GSS_S_COMPLETE)
Status: gss_inquire_cred Ini() == (GSS_S_COMPLETE)
ERROR: OUCH! Lifetime has increased by 13 sec while 0 sec passed!
RESULT NOT ok (rc=1)
-------
actual_mechs from gss_acquire_cred() contains 2 gss_OID elements:
{
[ 0] = {1 3 5 1 5 2} MECH= Kerberos 5 (PRE-rfc1964)
[ 1] = {1 2 840 113554 1 2 2} MECH= Kerberos 5 (v2 - rfc1964)
}
Status: gss_display_name() == (GSS_S_COMPLETE)
----------
TEST: *default* initiating credentials (acquire_cred specific mechs)
Status: gss_acquire_cred Ini() == (GSS_S_COMPLETE)
Status: gss_inquire_cred Ini() == (GSS_S_COMPLETE)
ERROR: OUCH! Lifetime has increased by 13 sec while 0 sec passed!
Status: gss_compare_name() == (GSS_S_COMPLETE)
RESULT NOT ok (rc=1)
-------
TEST: *default* initiating credentials (inquire_cred only)
Status: gss_inquire_cred Ini() == (GSS_S_COMPLETE)
ERROR: OUCH! Lifetime has increased by 13 sec while 0 sec passed!
Status: gss_compare_name() == (GSS_S_COMPLETE)
RESULT NOT ok (rc=1)
-------
TEST: named default initiating credentials (acquire_cred with name)
Status: gss_acquire_cred Ini() == (GSS_S_COMPLETE)
Status: gss_inquire_cred Ini() == (GSS_S_COMPLETE)
ERROR: OUCH! Lifetime has increased by 13 sec while 0 sec passed!
Status: gss_compare_name() == (GSS_S_COMPLETE)
RESULT NOT ok (rc=1)
-------
TEST: acquire_cred and inquire_cred with NO optional parameters
Status: gss_acquire_cred Ini() == (GSS_S_COMPLETE)
Status: gss_inquire_cred Ini() == (GSS_S_COMPLETE)
RESULT OK
-------
Status: gss_release_cred() == (GSS_S_COMPLETE)
Status: gss_release_cred() == (GSS_S_COMPLETE)
Status: gss_release_cred() == (GSS_S_COMPLETE)
Status: gss_release_cred() == (GSS_S_COMPLETE)
Status: gss_release_name() == (GSS_S_COMPLETE)
Status: gss_release_name() == (GSS_S_COMPLETE)
Status: gss_release_name() == (GSS_S_COMPLETE)
Status: gss_release_oid_set() == (GSS_S_COMPLETE)
Status: gss_release_oid_set() == (GSS_S_COMPLETE)
Status: gss_release_oid_set() == (GSS_S_COMPLETE)
Status: gss_release_oid_set() == (GSS_S_COMPLETE)
Status: gss_release_oid_set() == (GSS_S_COMPLETE)
Status: gss_release_oid_set() == (GSS_S_COMPLETE)
Status: gss_release_oid_set() == (GSS_S_COMPLETE)
My own name/identity (from default creds) resolves to
"rzuser1/r2d2.example.net at EXAMPLE.NET"
Nametype oid = {1 2 840 113554 1 2 2 1} NT=
GSS_KRB5_NT_PRINCIPAL_NAME
TEST: Examining the exported name framing
ERROR: gss_canonicalize_name() FAILED to clear minor_status!
Status: gss_canonicalize_name() == (GSS_S_COMPLETE)
ERROR: gss_export_name() FAILED to clear minor_status!
Status: gss_export_name() == (GSS_S_COMPLETE)
exported name buffer = { length= 51, value= ptr:0x10049390 }
00000: 04 01 00 0b 06 09 2a 86 48 86 f7 12 01 02 02 00 ......*.
H.......
00010: 00 00 20 72 7a 75 73 65 72 31 2f 72 32 64 63 65 .. rzuse
r1/r2dce
00020: 30 30 31 2e 72 6b 75 2e 6e 65 74 40 52 4b 55 2e
001.example. net at EXAMPLE.
00030: 4e 45 54 NET
Framing details for exported name (Section 3.2, GSS-API v2 spec):
TOK_ID : 00000: 04 01
MECH_OID_LEN = 11 : 00002: 00 0b
OID tag : 00004: 06
OID len = 9 : 00005: 09
OID elements : 00006: 2a 86 48 86 f7 12 01 02 02
= {1 2 840 113554 1 2 2} MECH= Kerberos 5 (v2 - rfc1964)
NAME_LEN = 32 : 0000f: 00 00 00 20
NAME : 00013: 72 7a 75 73 65 72 31 2f rzuser1/
0001b: 72 32 64 63 65 30 30 31 r2d2
00023: 2e 72 6b 75 2e 6e 65 74 .example.net
0002b: 40 52 4b 55 2e 4e 45 54 @EXAMPLE.NET
Status: gss_release_name() == (GSS_S_COMPLETE)
Status: gss_release_buffer() == (GSS_S_COMPLETE)
RESULT NOT ok (rc=2)
-------
Since you didn't give me a target name, I'll try to talk to myself!
TEST: acquiring *default* initiating credentials (simple)
Status: gss_acquire_cred Ini() == (GSS_S_COMPLETE)
RESULT OK
-------
TEST: acquiring *default* initiating credentials (query)
Status: gss_acquire_cred Ini() == (GSS_S_COMPLETE)
Status: gss_inquire_cred Ini() == (GSS_S_COMPLETE)
ERROR: gss_canonicalize_name() FAILED to clear minor_status!
Status: gss_canonicalize_name() == (GSS_S_COMPLETE)
ERROR: gss_export_name() FAILED to clear minor_status!
Status: gss_export_name() == (GSS_S_COMPLETE)
exported name buffer = { length= 51, value= ptr:0x10048f80 }
00000: 04 01 00 0b 06 09 2a 86 48 86 f7 12 01 02 02 00 ......*.
H.......
00010: 00 00 20 72 7a 75 73 65 72 31 2f 72 32 64 63 65 .. rzuse
r1/r2dce
00020: 30 30 31 2e 72 6b 75 2e 6e 65 74 40 52 4b 55 2e
001.example. net at EXAMPLE.
00030: 4e 45 54 NET
Status: gss_display_name() == (GSS_S_COMPLETE)
gss_display_name() returned "rzuser1/r2d2.example.net at EXAMPLE.NET"
printable name buffer = { length= 32, value= ptr:0x10049140 }
00000: 72 7a 75 73 65 72 31 2f 72 32 64 63 65 30 30 31 rzuser1/ r2d2
00010: 2e 72 6b 75 2e 6e 65 74 40 52 4b 55 2e 4e 45 54
.example.net @EXAMPLE.NET
Status: gss_release_buffer() == (GSS_S_COMPLETE)
Status: gss_release_buffer() == (GSS_S_COMPLETE)
Status: gss_release_name() == (GSS_S_COMPLETE)
input name buffer = { length= 51, value= ptr:0x10049d28 }
00000: 04 01 00 0b 06 09 2a 86 48 86 f7 12 01 02 02 00 ......*.
H.......
00010: 00 00 20 72 7a 75 73 65 72 31 2f 72 32 64 63 65 .. rzuse
r1/r2dce
00020: 30 30 31 2e 72 6b 75 2e 6e 65 74 40 52 4b 55 2e
001.example. net at EXAMPLE.
00030: 4e 45 54 NET
nametype oid = {1 3 6 1 5 6 4} NT=
GSS_C_NT_EXPORTED_NAME
Status: gss_import_name() == (GSS_S_COMPLETE)
Status: gss_display_name() == (GSS_S_COMPLETE)
gss_display_name() returned "rzuser1/r2d2.example.net at EXAMPLE.NET"
printable name buffer = { length= 32, value= ptr:0x10049240 }
00000: 72 7a 75 73 65 72 31 2f 72 32 64 63 65 30 30 31 rzuser1/ r2d2
00010: 2e 72 6b 75 2e 6e 65 74 40 52 4b 55 2e 4e 45 54
.example.net @EXAMPLE.NET
newly imported = "rzuser1/r2d2.example.net at EXAMPLE.NET"
Status: gss_release_buffer() == (GSS_S_COMPLETE)
ERROR: gss_canonicalize_name() FAILED to clear minor_status!
Status: gss_canonicalize_name() == (GSS_S_COMPLETE)
Status: gss_release_name() == (GSS_S_COMPLETE)
Status: gss_compare_name() == (GSS_S_COMPLETE)
Name transformation: compare_name(src_name,dst_name)==TRUE
Status: gss_release_cred() == (GSS_S_COMPLETE)
Status: gss_release_name() == (GSS_S_COMPLETE)
Status: gss_acquire_cred Ini() == (GSS_S_COMPLETE)
Status: gss_release_name() == (GSS_S_COMPLETE)
RESULT NOT ok (rc=3)
-------
TEST: acquiring initiating credentials (gss_name_t)
Status: gss_acquire_cred Ini() == (GSS_S_COMPLETE)
RESULT OK
-------
TEST: acquiring initiating credentials (printable name)
input name buffer = { length= 32, value= ptr:0x10048e28 }
00000: 72 7a 75 73 65 72 31 2f 72 32 64 63 65 30 30 31 rzuser1/ r2d2
00010: 2e 72 6b 75 2e 6e 65 74 40 52 4b 55 2e 4e 45 54
.example.net @EXAMPLE.NET
nametype oid = {1 2 840 113554 1 2 2 1} NT=
GSS_KRB5_NT_PRINCIPAL_NAME
Status: gss_import_name() == (GSS_S_COMPLETE)
Status: gss_display_name() == (GSS_S_COMPLETE)
gss_display_name() returned "rzuser1/r2d2.example.net at EXAMPLE.NET"
printable name buffer = { length= 32, value= ptr:0x10048688 }
00000: 72 7a 75 73 65 72 31 2f 72 32 64 63 65 30 30 31 rzuser1/ r2d2
00010: 2e 72 6b 75 2e 6e 65 74 40 52 4b 55 2e 4e 45 54
.example.net @EXAMPLE.NET
newly imported = "rzuser1/r2d2.example.net at EXAMPLE.NET"
Status: gss_release_buffer() == (GSS_S_COMPLETE)
Status: gss_acquire_cred Ini() == (GSS_S_COMPLETE)
Status: gss_release_name() == (GSS_S_COMPLETE)
RESULT OK
-------
TEST: acquiring initiating credentials (can. printable name)
input name buffer = { length= 32, value= ptr:0x10048e28 }
00000: 72 7a 75 73 65 72 31 2f 72 32 64 63 65 30 30 31 rzuser1/ r2d2
00010: 2e 72 6b 75 2e 6e 65 74 40 52 4b 55 2e 4e 45 54
.example.net @EXAMPLE.NET
nametype oid = {1 2 840 113554 1 2 2 1} NT=
GSS_KRB5_NT_PRINCIPAL_NAME
Status: gss_import_name() == (GSS_S_COMPLETE)
Status: gss_display_name() == (GSS_S_COMPLETE)
gss_display_name() returned "rzuser1/r2d2.example.net at EXAMPLE.NET"
printable name buffer = { length= 32, value= ptr:0x10049f18 }
00000: 72 7a 75 73 65 72 31 2f 72 32 64 63 65 30 30 31 rzuser1/ r2d2
00010: 2e 72 6b 75 2e 6e 65 74 40 52 4b 55 2e 4e 45 54
.example.net @EXAMPLE.NET
newly imported = "rzuser1/r2d2.example.net at EXAMPLE.NET"
Status: gss_release_buffer() == (GSS_S_COMPLETE)
ERROR: gss_canonicalize_name() FAILED to clear minor_status!
Status: gss_canonicalize_name() == (GSS_S_COMPLETE)
ERROR: gss_export_name() FAILED to clear minor_status!
Status: gss_export_name() == (GSS_S_COMPLETE)
exported name buffer = { length= 51, value= ptr:0x10048888 }
00000: 04 01 00 0b 06 09 2a 86 48 86 f7 12 01 02 02 00 ......*.
H.......
00010: 00 00 20 72 7a 75 73 65 72 31 2f 72 32 64 63 65 .. rzuse
r1/r2dce
00020: 30 30 31 2e 72 6b 75 2e 6e 65 74 40 52 4b 55 2e
001.example. net at EXAMPLE.
00030: 4e 45 54 NET
Status: gss_display_name() == (GSS_S_COMPLETE)
gss_display_name() returned "rzuser1/r2d2.example.net at EXAMPLE.NET"
printable name buffer = { length= 32, value= ptr:0x1004a1b8 }
00000: 72 7a 75 73 65 72 31 2f 72 32 64 63 65 30 30 31 rzuser1/ r2d2
00010: 2e 72 6b 75 2e 6e 65 74 40 52 4b 55 2e 4e 45 54
.example.net @EXAMPLE.NET
Status: gss_release_buffer() == (GSS_S_COMPLETE)
Status: gss_release_buffer() == (GSS_S_COMPLETE)
Status: gss_release_name() == (GSS_S_COMPLETE)
input name buffer = { length= 51, value= ptr:0x10049f08 }
00000: 04 01 00 0b 06 09 2a 86 48 86 f7 12 01 02 02 00 ......*.
H.......
00010: 00 00 20 72 7a 75 73 65 72 31 2f 72 32 64 63 65 .. rzuse
r1/r2dce
00020: 30 30 31 2e 72 6b 75 2e 6e 65 74 40 52 4b 55 2e
001.example. net at EXAMPLE.
00030: 4e 45 54 NET
nametype oid = {1 3 6 1 5 6 4} NT=
GSS_C_NT_EXPORTED_NAME
Status: gss_import_name() == (GSS_S_COMPLETE)
Status: gss_display_name() == (GSS_S_COMPLETE)
gss_display_name() returned "rzuser1/r2d2.example.net at EXAMPLE.NET"
printable name buffer = { length= 32, value= ptr:0x1004a098 }
00000: 72 7a 75 73 65 72 31 2f 72 32 64 63 65 30 30 31 rzuser1/ r2d2
00010: 2e 72 6b 75 2e 6e 65 74 40 52 4b 55 2e 4e 45 54
.example.net @EXAMPLE.NET
newly imported = "rzuser1/r2d2.example.net at EXAMPLE.NET"
Status: gss_release_buffer() == (GSS_S_COMPLETE)
ERROR: gss_canonicalize_name() FAILED to clear minor_status!
Status: gss_canonicalize_name() == (GSS_S_COMPLETE)
Status: gss_release_name() == (GSS_S_COMPLETE)
Status: gss_compare_name() == (GSS_S_COMPLETE)
Name transformation: compare_name(src_name,dst_name)==TRUE
Status: gss_release_name() == (GSS_S_COMPLETE)
Status: gss_acquire_cred Ini() == (GSS_S_COMPLETE)
Status: gss_release_name() == (GSS_S_COMPLETE)
RESULT NOT ok (rc=3)
-------
TEST: acquiring accepting credentials for target (printable name)
for identity "rzuser1/r2d2.example.net at EXAMPLE.NET"
input name buffer = { length= 32, value= ptr:0x100484a0 }
00000: 72 7a 75 73 65 72 31 2f 72 32 64 63 65 30 30 31 rzuser1/ r2d2
00010: 2e 72 6b 75 2e 6e 65 74 40 52 4b 55 2e 4e 45 54
.example.net @EXAMPLE.NET
nametype oid = {1 2 840 113554 1 2 2 1} NT=
GSS_KRB5_NT_PRINCIPAL_NAME
Status: gss_import_name() == (GSS_S_COMPLETE)
Status: gss_display_name() == (GSS_S_COMPLETE)
gss_display_name() returned "rzuser1/r2d2.example.net at EXAMPLE.NET"
printable name buffer = { length= 32, value= ptr:0x10049c58 }
00000: 72 7a 75 73 65 72 31 2f 72 32 64 63 65 30 30 31 rzuser1/ r2d2
00010: 2e 72 6b 75 2e 6e 65 74 40 52 4b 55 2e 4e 45 54
.example.net @EXAMPLE.NET
newly imported = "rzuser1/r2d2.example.net at EXAMPLE.NET"
Status: gss_release_buffer() == (GSS_S_COMPLETE)
Status: gss_acquire_cred Acc() == (GSS_S_COMPLETE)
Status: gss_release_name() == (GSS_S_COMPLETE)
Status: gss_inquire_cred Acc() == (GSS_S_COMPLETE)
ERROR: gss_canonicalize_name() FAILED to clear minor_status!
Status: gss_canonicalize_name() == (GSS_S_COMPLETE)
Status: gss_display_name() == (GSS_S_COMPLETE)
gss_display_name() returned "rzuser1/r2d2.example.net at EXAMPLE.NET"
printable name buffer = { length= 32, value= ptr:0x1004d390 }
00000: 72 7a 75 73 65 72 31 2f 72 32 64 63 65 30 30 31 rzuser1/ r2d2
00010: 2e 72 6b 75 2e 6e 65 74 40 52 4b 55 2e 4e 45 54
.example.net @EXAMPLE.NET
nametype = {1 2 840 113554 1 2 2 1} NT=
GSS_KRB5_NT_PRINCIPAL_NAME
Status: gss_release_buffer() == (GSS_S_COMPLETE)
Status: gss_release_name() == (GSS_S_COMPLETE)
Status: gss_release_name() == (GSS_S_COMPLETE)
canonical identity "rzuser1/r2d2.example.net at EXAMPLE.NET"
RESULT NOT ok (rc=1)
-------
TEST: acquiring accepting credentials for target (can. printable name)
input name buffer = { length= 32, value= ptr:0x100484a0 }
00000: 72 7a 75 73 65 72 31 2f 72 32 64 63 65 30 30 31 rzuser1/ r2d2
00010: 2e 72 6b 75 2e 6e 65 74 40 52 4b 55 2e 4e 45 54
.example.net @EXAMPLE.NET
nametype oid = {1 2 840 113554 1 2 2 1} NT=
GSS_KRB5_NT_PRINCIPAL_NAME
Status: gss_import_name() == (GSS_S_COMPLETE)
Status: gss_display_name() == (GSS_S_COMPLETE)
gss_display_name() returned "rzuser1/r2d2.example.net at EXAMPLE.NET"
printable name buffer = { length= 32, value= ptr:0x10049bd0 }
00000: 72 7a 75 73 65 72 31 2f 72 32 64 63 65 30 30 31 rzuser1/ r2d2
00010: 2e 72 6b 75 2e 6e 65 74 40 52 4b 55 2e 4e 45 54
.example.net @EXAMPLE.NET
newly imported = "rzuser1/r2d2.example.net at EXAMPLE.NET"
Status: gss_release_buffer() == (GSS_S_COMPLETE)
ERROR: gss_canonicalize_name() FAILED to clear minor_status!
Status: gss_canonicalize_name() == (GSS_S_COMPLETE)
ERROR: gss_export_name() FAILED to clear minor_status!
Status: gss_export_name() == (GSS_S_COMPLETE)
exported name buffer = { length= 51, value= ptr:0x10049030 }
00000: 04 01 00 0b 06 09 2a 86 48 86 f7 12 01 02 02 00 ......*.
H.......
00010: 00 00 20 72 7a 75 73 65 72 31 2f 72 32 64 63 65 .. rzuse
r1/r2dce
00020: 30 30 31 2e 72 6b 75 2e 6e 65 74 40 52 4b 55 2e
001.example. net at EXAMPLE.
00030: 4e 45 54 NET
Status: gss_display_name() == (GSS_S_COMPLETE)
gss_display_name() returned "rzuser1/r2d2.example.net at EXAMPLE.NET"
printable name buffer = { length= 32, value= ptr:0x1004d670 }
00000: 72 7a 75 73 65 72 31 2f 72 32 64 63 65 30 30 31 rzuser1/ r2d2
00010: 2e 72 6b 75 2e 6e 65 74 40 52 4b 55 2e 4e 45 54
.example.net @EXAMPLE.NET
Status: gss_release_buffer() == (GSS_S_COMPLETE)
Status: gss_release_buffer() == (GSS_S_COMPLETE)
Status: gss_release_name() == (GSS_S_COMPLETE)
input name buffer = { length= 51, value= ptr:0x1004d538 }
00000: 04 01 00 0b 06 09 2a 86 48 86 f7 12 01 02 02 00 ......*.
H.......
00010: 00 00 20 72 7a 75 73 65 72 31 2f 72 32 64 63 65 .. rzuse
r1/r2dce
00020: 30 30 31 2e 72 6b 75 2e 6e 65 74 40 52 4b 55 2e
001.example. net at EXAMPLE.
00030: 4e 45 54 NET
nametype oid = {1 3 6 1 5 6 4} NT=
GSS_C_NT_EXPORTED_NAME
Status: gss_import_name() == (GSS_S_COMPLETE)
Status: gss_display_name() == (GSS_S_COMPLETE)
gss_display_name() returned "rzuser1/r2d2.example.net at EXAMPLE.NET"
printable name buffer = { length= 32, value= ptr:0x10049bd0 }
00000: 72 7a 75 73 65 72 31 2f 72 32 64 63 65 30 30 31 rzuser1/ r2d2
00010: 2e 72 6b 75 2e 6e 65 74 40 52 4b 55 2e 4e 45 54
.example.net @EXAMPLE.NET
newly imported = "rzuser1/r2d2.example.net at EXAMPLE.NET"
Status: gss_release_buffer() == (GSS_S_COMPLETE)
ERROR: gss_canonicalize_name() FAILED to clear minor_status!
Status: gss_canonicalize_name() == (GSS_S_COMPLETE)
Status: gss_release_name() == (GSS_S_COMPLETE)
Status: gss_compare_name() == (GSS_S_COMPLETE)
Name transformation: compare_name(src_name,dst_name)==TRUE
Status: gss_release_name() == (GSS_S_COMPLETE)
Status: gss_acquire_cred Acc() == (GSS_S_COMPLETE)
Status: gss_release_name() == (GSS_S_COMPLETE)
RESULT NOT ok (rc=3)
-------
TEST: acquiring *default* accepting credentials (simple)
Status: gss_acquire_cred Acc() == (GSS_S_COMPLETE)
Status: gss_inquire_cred Acc() == (GSS_S_COMPLETE)
---
Christoph
More information about the Kerberos
mailing list