GSSAPI client on Windows
Douglas E. Engert
deengert at anl.gov
Tue Aug 2 13:54:00 EDT 2005
Windows 98?! Better do what Jeff suggests. There may be issues
with how the Kerberos lib uses DNS from Windows 98. But I would bet
your problem is in not using gss_import_name.
SFBZH at aol.com wrote:
> Fri Jul 8 11:14:16 EDT 2005
> Douglas E. Engert wrote:
>>I agree with Jeff on this. Don't try and get a service ticket first. It
>>will just cause problems. And as you have said it fails either way, so
>>that is not the problem; it does not get this far. But when you get the
>>real problem fixed, you want to use the gssapi as it was designed to get
>>the ticket for you.
>>Still looks like a network/DNS problem to me.
>>Fix your network. Try nslookup on these names, and the
>>reverse lookups of the ip numbers.
> I've been a bit busy these days but here I am, back with my problem.
> I have fixed my network: I have a DNS service.
> On pc36, I can do:
> nslookup pc35
> nslookup pc36
> nslookup pc35.domain.com
> nslookup pc36.domain.com
> nslookup 192.168.0.35
> nslookup 192.168.0.36
> Everything works fine.
> The pc35 is a Win 98 workstation. nslookup is not supported. I have downloaded a program called nslook (port of nslookup on win32). All the tests described above work fine.
> Let's get back to my Kerberos client.
> pc36 : Red Hat station supporting the Kerberos server.
> pc35 : win98 station supporting my Kerberos client developed with GSSAPI.
> user name : user at DOMAIN.COM
> service name : server at pc36.DOMAIN.COM
> I launch kinit to get the TGT for the user and initiate the cache. Then I launch my client. The client is supposed to launch gss_acquire_cred as user at DOMAIN.COM and ask credentials with gss_init_sec_context for server at pc36.DOMAIN.COM.
> gss_acquire_cred works fine.
> gss_init_sec_context fails:
> min_status: -2045022973
> gss_display_status : Unknown routine error (field = 27)
> gssapi_err_generic.h : G_VALIDATE_FAILED
> Validation error
> maj_status: 50462720
> gss_display_status : A parameter was malformed
> The call is as follows:
> majs = gss_init_sec_context(&mins, cred_handle, &context_handle,
> server_name, GSS_C_NULL_OID, GSS_C_MUTUAL_FLAG |GSS_C_DELEG_FLAG,
> GSS_C_INDEFINITE, NULL, GSS_C_NO_BUFFER, NULL, tocken, NULL, NULL);
> cred_handle is the result of gss_acquire_cred which returns min_status and maj_status at 0. I assume it has a correct value.
> server_name is a name_buffer containing "server at pc36.DOMAIN.COM".
What is a name_buffer? Did you create this name_buffer by using
gss_import_name? That takes a gss_buffer_t with a string, and
converts it to a gss_name_t.
> tocken is a name_buffer initialized with GSS_C_NO_BUFFER.
Should be a gss_buffer_t.
> mins, majs and context_handle are not initialized.
> To conclude, I have fixed my network but the problem remains.
Douglas E. Engert <DEEngert at anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
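
The maj_status quoted in the thread (50462720) can be split into its fields to see which argument the library rejected. This is an added example, not code from the original messages or from MIT Kerberos; it relies only on the status layout and constant values defined in RFC 2744, and the helper names `decode_major`, `calling_name` and `routine_name` are made up for this illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Major-status layout from RFC 2744: calling error in bits 24-31,
 * routine error in bits 16-23, supplementary info in bits 0-15. */
struct maj_fields { unsigned calling, routine, supplementary; };

static const char *const calling_names[] = {
    "none", "GSS_S_CALL_INACCESSIBLE_READ",
    "GSS_S_CALL_INACCESSIBLE_WRITE", "GSS_S_CALL_BAD_STRUCTURE" };

static const char *const routine_names[] = {
    "none", "GSS_S_BAD_MECH", "GSS_S_BAD_NAME", "GSS_S_BAD_NAMETYPE",
    "GSS_S_BAD_BINDINGS", "GSS_S_BAD_STATUS", "GSS_S_BAD_SIG",
    "GSS_S_NO_CRED", "GSS_S_NO_CONTEXT", "GSS_S_DEFECTIVE_TOKEN",
    "GSS_S_DEFECTIVE_CREDENTIAL", "GSS_S_CREDENTIALS_EXPIRED",
    "GSS_S_CONTEXT_EXPIRED", "GSS_S_FAILURE", "GSS_S_BAD_QOP",
    "GSS_S_UNAUTHORIZED", "GSS_S_UNAVAILABLE", "GSS_S_DUPLICATE_ELEMENT",
    "GSS_S_NAME_NOT_MN" };

/* Split a major status into its three RFC 2744 fields. */
struct maj_fields decode_major(uint32_t maj)
{
    struct maj_fields f;
    f.calling = (maj >> 24) & 0xFFu;
    f.routine = (maj >> 16) & 0xFFu;
    f.supplementary = maj & 0xFFFFu;
    return f;
}

/* Map a field value to its constant name; "unknown" if out of range. */
const char *calling_name(unsigned v)
{
    return v < sizeof calling_names / sizeof *calling_names
               ? calling_names[v] : "unknown";
}

const char *routine_name(unsigned v)
{
    return v < sizeof routine_names / sizeof *routine_names
               ? routine_names[v] : "unknown";
}

int main(void)
{
    uint32_t maj = 50462720u;   /* maj_status reported in the thread */
    struct maj_fields f = decode_major(maj);
    printf("0x%08x: calling=%s routine=%s supplementary=0x%04x\n",
           (unsigned)maj, calling_name(f.calling), routine_name(f.routine),
           f.supplementary);
    return 0;
}
```

For the thread's value the fields are GSS_S_CALL_BAD_STRUCTURE and GSS_S_BAD_NAME, which points at the target-name argument of gss_init_sec_context rather than at the network.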