GSSAPI client on Windows
SFBZH at aol.com
Tue Aug 2 12:51:03 EDT 2005
Fri Jul 8 11:14:16 EDT 2005
Douglas E. Engert wrote:
>I agree with Jeff on this. Dont try and get a service ticket first. It
>will just cause problems. And as you have said it failes either way, so
>that is not the problem it does not get this far. But when you get the
>real problem fixed, you want to use the gssapi as it was desiged to get
>the ticket for you.
>Still looks like a network/DNS problem to me.
>Fix you network. Try nslookup on these names, and the
>reverse lookups of the ip numbers.
I've been a bit busy these days but here I am, back with my problem.
I have fixed my network: I have a DNS service.
On pc36, I can do:
Everything work fine.
The pc35 is a Win 98 workstation. nslookup is not supported. I have downloaded a program called nslook (port of nslookup on win32). All the test described above work fine.
Let's get back on my kerberos client.
pc36 : red hat station supporting the kerberos server.
pc35 : win98 station supporting my kerberos client developped with GSSAPI.
user name : user at DOMAIN.COM
service name : server at pc36.DOMAIN.COM
I launch kinit to get the TGT for the user and initiate the cache. Then I launch my client. The client is supposed to launch gss_acquire_cred as user at DOMAIN.COM and ask credentials with gss_init_sec_context for server at pc36.DOMAIN.COM.
gss_acquire_cred works fine.
gss_display_status : Unknown routine error (field = 27)
gssapi_err_generic.h : G_VALIDATE_FAILED
gss_display_status : A parameter was malformed
The call is as following:
majs = gss_init_sec_context(&mins, cred_handle, &context_handle,
server_name, GSS_C_NULL_OID, GSS_C_MUTUAL_FLAG |GSS_C_DELEG_FLAG,
GSS_C_INDEFINITE, NULL, GSS_C_NO_BUFFER, NULL, tocken, NULL, NULL);
cred_handle is the result of gss_acquire_cred which return min_status and maj_status at 0. I assume it has a correct value.
server_name is a name_buffer containing "server at pc36.DOMAIN.COM".
tocken is a name_buffer initialized with GSS_C_NO_BUFFER.
mins, majs and context_handle are not initialized.
To conclude, I have fixed my network but the problem remains.
More information about the krbdev