Can't acquire stored impersonated creds from cache

Martin Gee geemang_2000 at yahoo.com
Sun Sep 20 07:46:33 EDT 2015


Version: 1.14I'm attempting to cache some impersonated credentials by using gss_store_cred with the output cred from gss_acquire_cred_impersonate_name.I see the credential via klist after my program runs.

See the user1 cred. gss_store_cred also seems to store the krbtgt again too.Ticket cache: FILE:/tmp/krb5cc_500
Default principal: host/centos.ics.local at ICS.LOCAL

Valid starting       Expires              Service principal
09/19/2015 14:46:39  09/20/2015 00:46:39  krbtgt/ICS.LOCAL at ICS.LOCAL
    renew until 09/26/2015 14:46:39
09/19/2015 14:46:39  09/20/2015 00:46:39  HTTP/poc.ics.local at ICS.LOCAL
    renew until 09/26/2015 14:46:39
09/19/2015 14:46:39  09/20/2015 00:46:39  host/centos.ics.local at ICS.LOCAL
    for client user1 at ICS.LOCAL, renew until 09/26/2015 14:46:39
09/19/2015 14:46:39  09/20/2015 00:46:39  krbtgt/ICS.LOCAL at ICS.LOCAL
    renew until 09/26/2015 14:46:39
When my program runs again I assume gss_acquire_cred_impersonate_name will retrieve the cached cred as the trace seems to show.env KRB5_TRACE=/dev/stdout ./GSSAPIMemory 
[11305] 1442692131.574904: Retrieving host/centos.ics.local at ICS.LOCAL from FILE:/etc/krb5.keytab (vno 0, enctype 0) with result: 0/Success
gss_acquire_cred:   { 1 2 840 113554 1 2 2 }
[11305] 1442692131.575507: Getting credentials user1 at ICS.LOCAL -> host/centos.ics.local at ICS.LOCAL using ccache FILE:/tmp/krb5cc_500
[11305] 1442692131.575587: Retrieving user1 at ICS.LOCAL -> host/centos.ics.local at ICS.LOCAL from FILE:/tmp/krb5cc_500 with result: 0/Success
cleanup
Major gss_acquire_cred_impersonate_name:851968 - Unspecified GSS failure.  Minor code may provide more information
Minor gss_acquire_cred_impersonate_name:-2045022969 - Credential usage type is unknown
But the call seems to error out as shown. I am using GSS_C_INITIATE as the usage type.Am I missing something?


More information about the Kerberos mailing list