Question about gss-client

lizhong lizhong at ncic.ac.cn
Thu Aug 24 23:48:33 EDT 2006 

I changed the gss_import_name's third parameter from gss_nt_service_name to GSS_C_NT_USER_NAME, and the client works well now.
Server:
[root at gcnode029 gss-sample]# ./gss-server test
Client:
[root at gcnode026 gss-sample]# ./gss-client gcnode029.cap test/gcnode029 "hello"
Where test/gcnode029 at test.com is the SPN of the gss-server

----- Original Message ----- 
From: "lizhong" <lizhong at ncic.ac.cn>
To: <kerberos at mit.edu>
Sent: Friday, August 25, 2006 10:42 AM
Subject: Question about gss-client


> Hi all,
>    I have started gss-server on machine gcnode029, and now I try to start gss-client on machine gcnode026.
>    But I found that everytime I run gss-client with cmd:
> [root at gcnode026 gss-sample]# ./gss-client gcnode029.cap test "adde"
> 
>    The gss-server will tell me that :
> GSS-API error accepting context: Unspecified GSS failure.  Minor code may provide more information
> GSS-API error accepting context: Wrong principal in request
> 
>    And log of the kdc server as follows:
> Aug 25 09:47:29 gcnode028 krb5kdc[2852](info): TGS_REQ (7 etypes {18 17 16 23 1 3 2}) 192.168.10.26: ISSUE: authtime 1156470446, etypes {rep=1 tkt=1 ses=1}, tt/tt at test.com for test/gcnode026 at test.com
>    It seems that the kdc server did not give the gss-client the right service ticket for test/gcnode029 at test.com.
>    If I run gss-client on gcnode029, everything runs well, and the kdc log :
> Aug 25 09:18:29 gcnode028 krb5kdc[2852](info): AS_REQ (7 etypes {18 17 16 23 1 3 2}) 192.168.10.26: ISSUE: authtime 1156468709, etypes {rep=1 tkt=1 ses=1}, aa/aa at test.com for test/gcnode029 at test.com
>    I guess the gss-client/gss-server are designed to run on two different machines.So why did the gss-client ask for a wrong ticket?How can I get ticket for test/gcnode029 at test.com on gcnode026?


--------------------------------------------------------------------------------


> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>

More information about the Kerberos mailing list