Authenticate against keytab file on Windows 7
Evan McPeters
emcpeters at anacapasciences.com
Tue Mar 18 16:59:52 EDT 2014
Hi, I am trying to use gss_accept_sec_context to authenticate a Kerberos
ticket against a keytab file (created using ktutil) on Windows 7. Both the
keytab file and ticket are being provided to me by another development team
(they created the keytab .
I base64 decode the ticket and pass it to gss_accept_sec_context but cannot
get any status code back beside GSS_S_FAILURE (with a minor status code of
0).
I have set my default keytab path like so:
_putenv("KRB5_KTNAME=C:\test.keytab");
At this point I'm stumped. I assume that there is no restriction to doing
this on Windows 7 that I should know about?
My current implementation is below (I have tried many different variations).
Thanks so much for any help you can provide!
Evan
_putenv("KRB5_KTNAME=C:\test.keytab");
char * token =
"AQBuggSFoQMCAQACjggkMIIEoKADAgEPNYYIDyTCCA8WgAwIB6iBwMFACAAABaEKGwhT";
int token_len = strlen(token);
input_token = (gss_buffer_t)
malloc(sizeof(gss_buffer_desc));
input_token->length = token_len;
input_token->value = token;
gss_name_t client = NULL;
gss_OID doid = (gss_OID)gss_mech_krb5;
OM_uint32 ret_flags = 0
OM_uint32 time_rec = 0;
gss_cred_id_t delegated_cred_handle;
OM_uint32 maj_stat;
OM_uint32 min_stat;
gss_ctx_id_t context = GSS_C_NO_CONTEXT;
gss_cred_id_t server_creds = GSS_C_NO_CREDENTIAL;
gss_buffer_desc output_token;
maj_stat = gss_accept_sec_context(&min_stat,
&context,
server_creds,
input_token,
GSS_C_NO_CHANNEL_BINDINGS,
&client,
&doid,
&output_token,
&ret_flags,
&time_rec,
&delegated_cred_handle);
NOTE: If I pass a string of random characters as the input token I can
manage to get a status of GSS_S_DEFECTIVE_TOKEN.
More information about the Kerberos
mailing list