Not getting delegation credential from gss_accept_sec_context()

Xie, Hugh hugh.xie at bankofamerica.com
Thu Oct 9 13:57:10 EDT 2014


Correction. #3 is gss_release_buffer on output_token.

-----Original Message-----
From: kerberos-bounces at mit.edu [mailto:kerberos-bounces at mit.edu] On Behalf Of Xie, Hugh
Sent: Thursday, October 09, 2014 1:45 PM
To: Greg Hudson; 'Kerberos at mit.edu'
Subject: RE: Not getting delegation credential from gss_accept_sec_context()

Found the issue. It is order the function calls that matters:
Here is the order of call that produced the error:
1. gss_init_sec_context
2. gss_release_cred on the deleted_cred_handle (passed to #1 call) 3. gss_release_cred on output_token 4. gss_inquire_context

If I switch the order to either 1,3,2,4 or 1,3,4,2, then the error disappear.

-----Original Message-----
From: Greg Hudson [mailto:ghudson at mit.edu]
Sent: Thursday, October 09, 2014 12:45 PM
To: Xie, Hugh; 'Kerberos at mit.edu'
Subject: Re: Not getting delegation credential from gss_accept_sec_context()

On 10/09/2014 07:12 AM, Xie, Hugh wrote:
> Perhaps this is a bug. Gss_init_sec_context did return GSS_S_COMPLETE 
> for me.

I don't think we have a bug such that gss_inquire_context on an established context would return GSS_S_NO_CONTEXT, no; that would show up in our automated tests.  Make sure you're passing gss_inquire_context the gss_ctx_id_t itself and not a pointer to it.  If you're still seeing a problem, you'll probably need to trace through it on your end.

----------------------------------------------------------------------
This message, and any attachments, is for the intended recipient(s) only, may contain information that is privileged, confidential and/or proprietary and subject to important terms and conditions available at http://www.bankofamerica.com/emaildisclaimer.   If you are not the intended recipient, please delete this message.
________________________________________________
Kerberos mailing list           Kerberos at mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos

----------------------------------------------------------------------
This message, and any attachments, is for the intended recipient(s) only, may contain information that is privileged, confidential and/or proprietary and subject to important terms and conditions available at http://www.bankofamerica.com/emaildisclaimer.   If you are not the intended recipient, please delete this message.


More information about the Kerberos mailing list