How to use GSS-API to add second credential

Newman, Edward (IDS GNS) edward_newman at ml.com
Wed Feb 16 09:36:32 EST 2005 

Jeffrey

Thanks for the suggestion. Added local definitions of OIDs as suggested
but now get

GSS-API error adding credentials: Unknown routine error (field = 17)
GSS-API error adding credentials: No error

Edward

-----Original Message-----
From: Jeffrey Altman [mailto:jaltman at mit.edu] 
Sent: 16 February 2005 13:46
To: Newman, Edward (IDS GNS)
Cc: krbdev at mit.edu
Subject: Re: How to use GSS-API to add second credential


Newman, Edward (IDS GNS) wrote:


> If I use "gss_mech_krb5" as the mechanism then I get an "unresolved 
> external" link error on Windows platform.

gss_mech_krb5 is a constant internal to the library which points into an
array of oids.  I have found that applications should maintain their own
list of supported mechanism OIDs when a specific mechanism is desired:

static CONST gss_OID_desc
my_krb5_gss_oid_array[] = {
    /* this is the official, rfc-specified OID */
    {9, "\052\206\110\206\367\022\001\002\002"},
    /* this is the v2 assigned OID */
    {9, "\052\206\110\206\367\022\001\002\003"},
    /* these two are name type OID's */
    {10, "\052\206\110\206\367\022\001\002\002\001"},
    {10, "\052\206\110\206\367\022\001\002\002\002"},
    { 0, 0 }
};

static CONST gss_OID_desc * CONST gss_mech_krb5 =
my_krb5_gss_oid_array+0; static CONST gss_OID_desc * CONST
gss_mech_krb5_v2 = 
my_krb5_gss_oid_array+1;
static CONST gss_OID_desc * CONST gss_nt_krb5_name = 
my_krb5_gss_oid_array+2;
static CONST gss_OID_desc * CONST gss_nt_krb5_principal = 
my_krb5_gss_oid_array+3;

> Looking at the gss-api code it looks like gss_add_cred tests for the 
> two mechanisms - gss_mech_krb5 & gss_mech_krb5_old - explicitly. These

> do not appear to be exported through gssapi32.lib so cannot be 
> resolved at link time. None of the other defined mechanisms appear to 
> match the tested values.

the gss_mech_krb5 and gss_mech_krb5_old which are tested within 
gss_add_cred() are global variables internal to the library and will not

result in linkage errors.  A linkage error will only occur if you 
attempt to reference these internal variables within the application 
linked to the gssapi32.dll.

Jeffrey Altman 
--------------------------------------------------------
 
If you are not an intended recipient of this e-mail, please notify the sender, delete it and do not read, act upon, print, disclose, copy, retain or redistribute it. Click here for important additional terms relating to this e-mail.     http://www.ml.com/email_terms/ 
--------------------------------------------------------

More information about the krbdev mailing list