[krbdev.mit.edu #8384] [Urgent] A bug in Kerberos V5 API "gss_acquire_cred"
Yu Hong JM Ma via RT
rt-comment at krbdev.mit.edu
Tue Mar 15 00:33:35 EDT 2016
<div class="socmaildefaultfont" dir="ltr" style="font-family:Arial;font-size:10.5pt" ><div dir="ltr" >Dear Kerberos V5 specialist:</div>
<div dir="ltr" > </div>
<div dir="ltr" >When I was using krb5_1.10, I encounterd following issue:</div>
<div dir="ltr" > </div>
<div dir="ltr" >For API gss_acquire_cred, </div>
<div dir="ltr" > </div>
<div dir="ltr" >OM_uint32 KRB5_CALLCONV<br>gss_acquire_cred(minor_status,<br> desired_name,<br> time_req,<br> <strong>desired_mechs,</strong><br> cred_usage,<br> output_cred_handle,<br> actual_mechs,<br> time_rec)</div>
<div dir="ltr" >if I set the desired_mechs to "GSS_C_NO_OID_SET", the minor status code returned will be for kerberos mech "spnego". This is because the API gss_acquire_cred will call gss_add_cred, and only record the last loop's major and minor code.</div>
<div dir="ltr" > </div>
<div dir="ltr" ><img src="cid:14580075347260" ></div>
<div dir="ltr" >With the major and minor code returned from this gss_acquire_cred(), I can't obtain the correct error message with error code returned from mech spnego.</div>
<div dir="ltr" > </div>
<div dir="ltr" >However, from GSS user mannual, if see if I set GSS_C_NO_OID_SET, the code will choose a default mechanism for me (kerberos V5).</div>
<div dir="ltr" >Could you please help clarity this bug, and make end uses get correct major and minor code? Since if I pass the minor code "10004" (returned from gss_acquire_cred) into API gss_display_status, I will get no error message.</div>
<div dir="ltr" > </div>
<div dir="ltr" >Best Regards,<br><br>Ma Yuhong <br>Platform Symphony, CSTL IBM System & Technology Group, Development<br>Email: myubj at cn.ibm.com</div></div><BR>
More information about the krb5-bugs
mailing list