GSS-API error gss_accept_sec_context: Request ticket server HTTP/ not found in keytab
kerberos.enthusiast at gmail.com
Fri Nov 11 10:33:51 EST 2022
It seems, if multiple servers supply separate keytabs, then the
subsequent kerberos auth request targeted for multiple kerberos servers
with separate keytabs and application keep on
updating "default_keytab_name" global variable and it causes some of the
authentication requests to fail and it throws this error
*"GSS-API error gss_accept_sec_context: Request ticket server HTTP/ not
found in keytab" *(major code - 186a5, d0000)
Using this api *krb5_gss_register_acceptor_identity() *to set the default
keytab file for kerberos authentication.
It seems to be a single global keytab file used by the krb5 library.
Can we use any other gss_api to maintain the local context of the keytab
file and send this keytab for every authentication request?
On Fri, 11 Nov 2022 at 19:20, Kerberos Enthusiast <
kerberos.enthusiast at gmail.com> wrote:
> Hello Kerberos,
> I am trying to make a windows client authenticate with an authentication
> server(using AD machine for KDC) to access multiple services.
> There is a multiple keytab file per authentication server.
> But I'm facing this error below, while this does not occur every time, it
> occurred when sending multiple authentication requests (around 200
> requests) for the same service from different client machines while users
> are already domain users.
> *GSS-API error gss_accept_sec_context: Request ticket server HTTP/ not
> found in keytab*
> Probability of this issue occurring is around 20% only.
> Using GSS-API to acquire cred : gss_acquire_cred().
> For loading keytab file : krb5_gss_register_acceptor_idennntity().
> How can we resolve this?
> Can we use any other GSS-API in place of this?
More information about the Kerberos