gss_acquire_cred returns error on machine with the name different from principal name

Sergey Klyushin sergey.klyushin at gmail.com
Wed May 3 16:34:15 EDT 2006


Hello.

 

Could you help with the following issue with MIT Kerberos libraries for
Windows.

 

1. Principal for "service/mymachine1.domain.com at REALM" was exported to
keytab file.

2.  Keytab file (krb5kt) placed in Windows directory on
"mymachine1.domain.com" and

"mymachine2.domain.com"

3.  Application uses "service at mymachine1.domain.com" to get service
credentials.

3.1 

int test_function (char *service_name, gss_cred_id_t *server_creds)

{

            gss_buffer_desc name_buf;

            gss_name_t server_name;

            OM_uint32 maj_stat, min_stat;

 

            name_buf.value = service_name;

            name_buf.length = strlen (name_buf.value) + 1;

 

            maj_stat = gss_import_name (&min_stat, &name_buf,
gss_nt_service_name, &server_name);

 

            if (maj_stat != GSS_S_COMPLETE) 

            {

                        return -1;

            }

 

            maj_stat = gss_acquire_cred (&min_stat, server_name, 0,
GSS_C_NULL_OID_SET, GSS_C_ACCEPT, server_creds, NULL, NULL);

            if (maj_stat != GSS_S_COMPLETE) 

            {

                        return -2;

            }

 

            maj_stat = gss_release_name (&min_stat, &server_name);

 

            return 0;

} 

4. test_function ("service at mymachine1.domain.com", server_creds) returns 0
(OK) on "mymachine1.domain.com"

5. However test_function ("service at mymachine1.domain.com", server_creds)
returns -2 (ERROR) on "mymachine2.domain.com"

5.1 gss_acquire_cred returns 

maj_stat = 0xD0000 (Miscellaneous failure) and 

min_stat = 0x25EA101  (No principal in keytab matches desired name)

 

Please note that keytab file and service name paramter are the same on both
machines.

 

I tried with MIT for Windows 3.0 and 2.6.5

 

What could be wrong?

 

Thanks in advance,

Sergey Klyushin

 

 

 




More information about the Kerberos mailing list