gss_acquire_cred returns error on machine with the name different

Jeffrey Altman jaltman2 at nyc.rr.com
Sat May 13 14:37:28 EDT 2006 

What is the minor status output from gss_acquire_cred()?

That will tell you why the attempt to obtain the keytab entry failed.

Jeffrey Altman


Sergey Klyushin wrote:
> Hello.
> 
>  
> 
> Could you help with the following issue with MIT Kerberos libraries for
> Windows.
> 
>  
> 
> 1. Principal for "service/mymachine1.domain.com at REALM" was exported to
> keytab file.
> 
> 2.  Keytab file (krb5kt) placed in Windows directory on
> "mymachine1.domain.com" and
> 
> "mymachine2.domain.com"
> 
> 3.  Application uses "service at mymachine1.domain.com" to get service
> credentials.
> 
> 3.1 
> 
> int test_function (char *service_name, gss_cred_id_t *server_creds)
> 
> {
> 
>             gss_buffer_desc name_buf;
> 
>             gss_name_t server_name;
> 
>             OM_uint32 maj_stat, min_stat;
> 
>  
> 
>             name_buf.value = service_name;
> 
>             name_buf.length = strlen (name_buf.value) + 1;
> 
>  
> 
>             maj_stat = gss_import_name (&min_stat, &name_buf,
> gss_nt_service_name, &server_name);
> 
>  
> 
>             if (maj_stat != GSS_S_COMPLETE) 
> 
>             {
> 
>                         return -1;
> 
>             }
> 
>  
> 
>             maj_stat = gss_acquire_cred (&min_stat, server_name, 0,
> GSS_C_NULL_OID_SET, GSS_C_ACCEPT, server_creds, NULL, NULL);
> 
>             if (maj_stat != GSS_S_COMPLETE) 
> 
>             {
> 
>                         return -2;
> 
>             }
> 
>  
> 
>             maj_stat = gss_release_name (&min_stat, &server_name);
> 
>  
> 
>             return 0;
> 
> } 
> 
> 4. test_function ("service at mymachine1.domain.com", server_creds) returns 0
> (OK) on "mymachine1.domain.com"
> 
> 5. However test_function ("service at mymachine1.domain.com", server_creds)
> returns -2 (ERROR) on "mymachine2.domain.com"
> 
> 5.1 gss_acquire_cred returns 
> 
> maj_stat = 0xD0000 (Miscellaneous failure) and 
> 
> min_stat = 0x25EA101  (No principal in keytab matches desired name)
> 
>  
> 
> Please note that keytab file and service name paramter are the same on both
> machines.
> 
>  
> 
> I tried with MIT for Windows 3.0 and 2.6.5
> 
>  
> 
> What could be wrong?
> 
>  
> 
> Thanks in advance,
> 
> Sergey Klyushin
> 
>  
> 
>  
> 
>  
> 
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>

More information about the Kerberos mailing list