Trouble Getting Ticket into Cache

trimkins@sbcglobal.net trimkins at sbcglobal.net
Sun Feb 17 17:47:33 EST 2008


Hello,

I am new to Kerberos and am using it to authenticate an application
user to my PostgreSQL database.  I have written a test C program to
get a ticket into the cache.  I've gotten the program, which is based
largely on a set of API calls from Brian Tung's "Kerberos: A Network
Authentication System", to compile and link but the executable always
throws a SIGSEGV segmentation fault.  I've run it through gdb and it
always throws on krb5_get_in_tkt_with_password or
krb5_get_in_tkt_with_keytab (depending on which I am using).  The
error text is "Failed to read a valid object file image from memory".

I am able to get a ticket into cache from the command line using kinit
-k -t /usr/lib/postgresql/8.2/etc/krb5.keytab
application_user/my.domain@MY.REALM.  Interestingly enough, when I try to "kinit
application_user/my.domain@MY.REALM" and enter the password I get an
incorrect password error.  I have a notion that that has something to
do with preauthentication, but do not have the time or resources to
fully investigate.  That's why I'm using "krb5_get_in_tkt_with_keytab"
rather than "_with_password".

I know that I am supposed to be using krb5_get_init_creds* but could
not find enough background on the functions to substitute them.

Can anyone give me any idea of what I may be doing wrong?

Thanks much.

Angus Atkins-Trimnell

<<<< BEGIN CODE get_krb.c <<<<<<<<<<<


#include <krb5.h>
#include <sys/syslog.h>
#include <stdlib.h>
#include <stdio.h>
#include <errno.h>
#include <string.h>
#include <time.h>
#define KRB5_DEFAULT_OPTIONS 0
#define ENCTYPE_DES3_HMAC_SHA1 0x0010
#define krb5_get_err_text(context,code) error_message(code)

int main()
{
	krb5_error_code retval;
	time_t curr_time;

	krb5_context context;
	retval = krb5_init_context(&context);
	if (retval)
	{
		return -1;
	}

	krb5_principal server;
	krb5_sname_to_principal(context,
				"my.domain",
				"postgres", KRB5_NT_SRV_HST,
				&server);

	krb5_principal client;
	krb5_sname_to_principal(context,
				"my.domain",
				"application_user", KRB5_NT_SRV_HST,
				&client);

	krb5_creds creds;
	krb5_kdc_rep *kdc_rep;
	krb5_ccache ccache;

	memset ((char *) &creds, 0, sizeof (creds));
	creds.client = client;
	creds.server = server;
	time(&curr_time);
	creds.times.starttime = curr_time;
	creds.times.endtime = curr_time + 600;
	krb5_get_in_tkt_with_keytab(context,
					KRB5_DEFAULT_OPTIONS,
					(krb5_address **) 0,
					(krb5_enctype *) 0,
					(krb5_preauthtype *) 0,
					(krb5_keytab *) "/usr/lib/postgresql/8.2/etc/krb5.keytab",
					(krb5_ccache) 0,
					creds, &kdc_rep);

	return 0;
}

<<<< END CODE get_krb.c <<<<<<<<<<<