question on gss_acquire_cred
Ken Raeburn
raeburn at MIT.EDU
Fri Nov 2 15:46:13 EDT 2007
On Nov 2, 2007, at 15:17, Priya Govindarajan wrote:
> When I execute gss_server as another other user I get the following
> error
> "server_acquire_creds: sample
> server_acquire_creds: calling gss_acquire_credGSS-API error acquiring
> credentials: Miscellaneous failure
> GSS-API error acquiring credentials: Permission denied"
>
> My understanding is gss_acquire_cred tries to get the default
> credential
> from credential cache. How does gss_server as user root is able to
> execute gss_acquire_cred function without any cred in credential
> cache.
> What is problem when executing gss_server as anyother user ?
When trying to get "acceptor" (server) credentials, acquire_cred for
the Kerberos mechanism will look at the keytab for the service, not
at the current credentials cache. So that's where the permission-
denied problem would be coming up. (I think this is one of the error
messages we've clarified since the 1.6 branch, but I should check...)
Ken
More information about the Kerberos
mailing list