Cannot acquire initiator cred using gss_acquire_cred with explicit name on Windows
Valerie Peng
Yu-Ching.Peng at Sun.COM
Thu Jan 26 22:11:28 EST 2006
Hi, all,
I downloaded kfw-3.0.0-final and unzipp'ed it under my personal directory.
I have an app which will load the gssapi32.dll and dynamically invoke
various gss functions. So far things work fine except this one problem
with gss_acquire_cred that looks like a bug in the MIT kerberos impl.
Here is what I tried:
=========================
major = gssIndicateMechs(&minor, &desired_mechs);
// gss_acquire_cred call#1
major = gssAcquireCred(&minor, GSS_C_NO_NAME, GSS_C_INDEFINITE,
desired_mechs, GSS_C_INITIATE, &credHdl, NULL, NULL);
major = gssInquireCred(&minor, credHdl, &nameHdl, NULL, NULL, NULL);
// gss_acquire_cred call#2
major = gssAcquireCred(&minor, nameHdl, GSS_C_INDEFINITE,
desired_mechs, GSS_C_INITIATE, &credHdl, NULL, NULL);
...
major = gssImportName(&minor, &nameVal, nameType, &nameHdl);
// gss_acquire_cred call#3
major = gssAcquireCred(&minor, nameHdl, 0, desired_mechs,
GSS_C_ACCEPT, &credHdl2, NULL, NULL);
=========================
#1 and #3 of the above gss_acquire_cred(...) calls succeed while
#2 hangs.
I checked the major/minor status after each gss calls and did
not observe any problem up until call#2. If I commented out #2,
my app will run to its completion.
Any idea?
Thanks,
Valerie
More information about the Kerberos
mailing list