Kerberos contexts - definition?

Russ Allbery rra at stanford.edu
Mon Aug 27 12:44:43 EDT 2012


Derek Warren <warren at sfu.ca> writes:

> Given a working Kerberos environment where I can kinit -k HOST$ and add
> a service principal:

> 1) What is a Kerberos context?

A Kerberos context is an internal data structure that's required for all
other operations in the standard Kerberos API.  Creating a new Kerberos
context is the first step in any software that uses the Kerberos API
directly.

> 2) Why would rpc.gssd on the client be unsuccessful in creating a
> Kerberos context?

This depends on whether they're using the term in the standard Kerberos
API way, or whether they mean something different by it.

If the reported error message refers to the API construct called the
Kerberos context, the message would mean that krb5_init_context() failed.
Very few things can cause this to fail.  The most common is that the
krb5.conf file used for this program is either corrupt or unreadable.

However, it could mean that they mean something more generic by this error
message, such as "authentication failed" or "couldn't find your ticket
cache" or "couldn't obtain service tickets."  My guess is that it's just a
sloppy error message and means "something related to Kerberos that we were
trying to do didn't work."

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>
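
A diagnostic for the krb5.conf failure mode described in the reply above, added as an example that is not part of the original message or of any Kerberos project's code. It is a rough structural check, not libkrb5's parser; the /etc/krb5.conf default and the colon-separated KRB5_CONFIG handling follow MIT Kerberos and are assumptions here, as are all function names.

```python
import os
import re

DEFAULT_PATH = "/etc/krb5.conf"  # assumption: usual default; builds can differ

def config_paths(env=None):
    """Files consulted: KRB5_CONFIG (colon-separated) if set, else the default."""
    value = (os.environ if env is None else env).get("KRB5_CONFIG")
    return value.split(":") if value else [DEFAULT_PATH]

def check_text(text, name="krb5.conf"):
    """Rough structural check; returns a list of problems (empty if none)."""
    problems, depth, section = [], 0, None
    for num, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;" or line.startswith(("include ", "includedir ")):
            continue  # blank line, comment, or include directive
        if line.startswith("["):
            if not re.fullmatch(r"\[[^\[\]]+\]\*?", line):
                problems.append(f"{name}:{num}: malformed section header")
            section = line
        elif line.startswith("}"):
            if depth == 0:
                problems.append(f"{name}:{num}: '}}' without matching '{{'")
            depth = max(depth - 1, 0)
        elif "=" in line:
            if section is None:
                problems.append(f"{name}:{num}: relation before any [section]")
            if line.split("=", 1)[1].strip() == "{":
                depth += 1  # subsection opened, e.g. a realm block
        else:
            problems.append(f"{name}:{num}: not a section, relation or brace")
    if depth:
        problems.append(f"{name}: {depth} unclosed '{{'")
    return problems

def check_krb5_conf(path):
    """Readability first, then structure, for one candidate file."""
    try:
        with open(path, encoding="utf-8", errors="replace") as fh:
            return check_text(fh.read(), path)
    except OSError as exc:
        return [f"{path}: unreadable ({exc.strerror})"]

# Constructed samples: CORRUPT has a header missing ']' and an unclosed realm block.
CORRUPT = "[libdefaults\n default_realm = EXAMPLE.ORG\n[realms]\n EXAMPLE.ORG = {\n  kdc = kdc.example.org\n"
GOOD = "[libdefaults]\n default_realm = EXAMPLE.ORG\n[realms]\n EXAMPLE.ORG = {\n  kdc = kdc.example.org\n }\n"
```

Run check_krb5_conf() on each entry of config_paths() as the same user and in the same environment as the failing daemon, since readability depends on both.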

