Trouble Getting Ticket into Cache
trimkins@sbcglobal.net
trimkins at sbcglobal.net
Sun Feb 17 17:47:33 EST 2008
Hello,

I am new to Kerberos and am using it to authenticate an application
user to my PostgreSQL database. I have written a test C program to
get a ticket into the cache. I've gotten the program, which is based
largely on a set of API calls from Brian Tung's "Kerberos: A Network
Authentication System", to compile and link but the executable always
throws a SIGSEGV segmentation fault. I've run it through gdb and it
always throws on krb5_get_in_tkt_with_password or
krb5_get_in_tkt_with_keytab (depending on which I am using). The
error text is "Failed to read a valid object file image from memory".

I am able to get a ticket into cache from the command line using
kinit -k -t /usr/lib/postgresql/8.2/etc/krb5.keytab application_user/my.domain@MY.REALM.
Interestingly enough, when I try to "kinit application_user/my.domain@MY.REALM"
and enter the password I get an incorrect password error. I have a
notion that that has something to do with preauthentication, but do
not have the time or resources to fully investigate. That's why I'm
using "krb5_get_in_tkt_with_keytab" rather than "_with_password".

I know that I am supposed to be using krb5_get_init_creds* but could
not find enough background on the functions to substitute them.

Can anyone give me any idea of what I may be doing wrong?

Thanks much.

Angus Atkins-Trimnell

<<<< BEGIN CODE get_krb.c <<<<<<<<<<<
#include <krb5.h>
#include <sys/syslog.h>
#include <stdlib.h>
#include <stdio.h>
#include <errno.h>
#include <string.h>
#include <time.h>
#define KRB5_DEFAULT_OPTIONS 0
#define ENCTYPE_DES3_HMAC_SHA1 0x0010
#define krb5_get_err_text(context,code) error_message(code)

int main()
{
    krb5_error_code retval;
    time_t curr_time;
    krb5_context context;

    retval = krb5_init_context(&context);
    if (retval)
    {
        return -1;
    }

    krb5_principal server;
    krb5_sname_to_principal(context,
                            "my.domain",
                            "postgres", KRB5_NT_SRV_HST,
                            &server);

    krb5_principal client;
    krb5_sname_to_principal(context,
                            "my.domain",
                            "application_user", KRB5_NT_SRV_HST,
                            &client);

    krb5_creds creds;
    krb5_kdc_rep *kdc_rep;
    krb5_ccache ccache;

    memset ((char *) &creds, 0, sizeof (creds));
    creds.client = client;
    creds.server = server;
    time(&curr_time);
    creds.times.starttime = curr_time;
    creds.times.endtime = curr_time + 600;

    krb5_get_in_tkt_with_keytab(context,
                                KRB5_DEFAULT_OPTIONS,
                                (krb5_address **) 0,
                                (krb5_enctype *) 0,
                                (krb5_preauthtype *) 0,
                                (krb5_keytab *) "/usr/lib/postgresql/8.2/etc/krb5.keytab",
                                (krb5_ccache) 0,
                                creds, &kdc_rep);
    return 0;
}
<<<< END CODE get_krb.c <<<<<<<<<<<