Query, Need help for building principal and retrieving service cred from cache.

Santosh Kumar santoshjeergi at gmail.com
Tue Nov 27 05:24:17 EST 2018


 Greg,

  Thank you, the crash is fixed by the additional build_principal for the
client principal.

   Now, while retrieving from the cache: "Matching credential not found"


char *serverRealm = "PCSQALAB.NET";
char *HTTPSVC = "HTTP";
char *server = "Parent-2K16.pcsqalab.net";

krb5_creds inCred, outCred;
memset(&inCred, 0, sizeof(inCred));
memset(&outCred, 0, sizeof(outCred));

m_error = krb5_build_principal_ext(m_context, &inCred.server,
                                   strlen(serverRealm), serverRealm,
                                   strlen(HTTPSVC), HTTPSVC,
                                   strlen(server), server,
                                   0);

m_error = krb5_build_principal_ext(m_context, &inCred.client,
                                   strlen(serverRealm), serverRealm,
                                   strlen(serverRealm), serverRealm,
                                   0);

flags = 0;
/* need 3rd service ticket from the below cache */
m_error = krb5_cc_retrieve_cred(m_context, m_cache, flags,
                                &inCred, &outCred);

Below is the cache contents:
Ticket cache: FILE:/tmp/krb5cc_36073
Default principal: host/PXE-DEV.PCSQALAB.NET at PCSQALAB.NET

Valid starting     Expires            Service principal
11/26/18 15:49:44  11/27/18 01:49:44  krbtgt/PCSQALAB.NET at PCSQALAB.NET    -----(1)
        renew until 12/03/18 15:49:44
11/26/18 15:50:15  11/27/18 01:49:44  host/PXE-DEV.PCSQALAB.NET at PCSQALAB.NET    ------(2)
        for client leema\@PCSQALAB.NET at PCSQALAB.NET, renew until 12/03/18 15:49:44
11/26/18 15:50:15  11/27/18 01:49:44  http/Parent-2K16.PCSQALAB.NET at PCSQALAB.NET    ------(3)
        for client leema\@PCSQALAB.NET at PCSQALAB.NET, renew until 12/03/18 15:49:44


Am I building the wrong client or server principal? Could you/anyone please
suggest?





On Mon, Nov 26, 2018 at 10:47 PM Greg Hudson <ghudson at mit.edu> wrote:

> On 11/26/2018 06:30 AM, Santosh Kumar wrote:
> >   I'm getting crash:
> >
> > (gdb) bt
> > #0  0xf7673f60 in krb5_principal_compare_flags (context=0xa449930,
> > princ1=0x0, princ2=0xa444ab0, flags=0) at princ_comp.c:108
> > #1  0xf7674183 in krb5_principal_compare (context=0xa449930, princ1=0x0,
> > princ2=0xa444ab0) at princ_comp.c:169
> > #2  0xf764f1ec in standard_fields_match (context=0xa449930, whichfields=0,
> > mcreds=0xfff48dc8, creds=0xfff48ba0) at cc_retr.c:67
>
> You need to set a client principal in the matching cred.  Heimdal allows
> searching for just the server principal, but MIT's library does not.
>
> >   Should I use  code = krb5int_construct_matching_creds(context, options,
> > in_creds,  &mcreds, &fields); before calling retrieve from cache?
>
> That's an internal function (as indicated by the "int" in the prefix),
> so you can't use it in an application.
>
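
Added example (not part of the original thread and not MIT krb5 code): a simplified model of the client and server comparison that the backtrace above shows standard_fields_match making through krb5_principal_compare, run on the principals the posted code builds and on cache entry (3). It assumes " at " in the archived klist output stands for "@" and that the comparison is byte-exact; parse_princ and match_cred are hypothetical helper names.

```c
/* Simplified model of ccache principal matching; not MIT krb5 source. */
#include <stdio.h>
#include <string.h>

enum { MAXC = 8, MAXL = 128 };
struct princ { char realm[MAXL]; char comp[MAXC][MAXL]; int n; };

/* Split on unescaped '/' and '@'; a backslash makes the next char literal. */
static int parse_princ(const char *s, struct princ *p)
{
    size_t len = 0;
    int in_realm = 0;
    memset(p, 0, sizeof(*p));
    p->n = 1;
    char *dst = p->comp[0];
    for (; *s; s++) {
        if (!in_realm && (*s == '/' || *s == '@')) {
            if (*s == '@') { in_realm = 1; dst = p->realm; }
            else if (p->n == MAXC) return -1;
            else dst = p->comp[p->n++];
            len = 0;
            continue;
        }
        if (*s == '\\' && s[1]) s++;    /* escaped: copy next char as-is */
        if (len + 1 >= MAXL) return -1;
        dst[len++] = *s;
    }
    return in_realm ? 0 : -1;
}

/* 0 = match, bit 1 = client differs, bit 2 = server differs, -1 = parse error.
 * parse_princ zero-fills first, so memcmp is a byte-exact principal compare. */
int match_cred(const char *wc, const char *ws, const char *hc, const char *hs)
{
    struct princ a, b, c, d;
    if (parse_princ(wc, &a) || parse_princ(ws, &b) ||
        parse_princ(hc, &c) || parse_princ(hs, &d)) return -1;
    return (memcmp(&a, &c, sizeof(a)) ? 1 : 0) | (memcmp(&b, &d, sizeof(b)) ? 2 : 0);
}

int main(void)
{
    /* Constructed from the post: built client, built server, entry (3)'s pair. */
    printf("%d\n", match_cred("PCSQALAB.NET@PCSQALAB.NET",
        "HTTP/Parent-2K16.pcsqalab.net@PCSQALAB.NET",
        "leema\\@PCSQALAB.NET@PCSQALAB.NET",
        "http/Parent-2K16.PCSQALAB.NET@PCSQALAB.NET"));
    return 0;
}
```

On the values taken from the post this prints 3: under the model, neither the built client nor the built server principal equals the one stored with entry (3).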

