How to use GSS-API to add second credential

Newman, Edward (IDS GNS) edward_newman at
Wed Feb 16 09:36:32 EST 2005


Thanks for the suggestion. Added local definitions of OIDs as suggested
but now get

GSS-API error adding credentials: Unknown routine error (field = 17)
GSS-API error adding credentials: No error


-----Original Message-----
From: Jeffrey Altman [mailto:jaltman at] 
Sent: 16 February 2005 13:46
To: Newman, Edward (IDS GNS)
Cc: krbdev at
Subject: Re: How to use GSS-API to add second credential

Newman, Edward (IDS GNS) wrote:

> If I use "gss_mech_krb5" as the mechanism then I get an "unresolved 
> external" link error on Windows platform.

gss_mech_krb5 is a constant internal to the library which points into an
array of oids.  I have found that applications should maintain their own
list of supported mechanism OIDs when a specific mechanism is desired:

static CONST gss_OID_desc
my_krb5_gss_oid_array[] = {
    /* this is the official, rfc-specified OID */
    {9, "\052\206\110\206\367\022\001\002\002"},
    /* this is the v2 assigned OID */
    {9, "\052\206\110\206\367\022\001\002\003"},
    /* these two are name type OID's */
    {10, "\052\206\110\206\367\022\001\002\002\001"},
    {10, "\052\206\110\206\367\022\001\002\002\002"},
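    { 0, 0 }
};

/* each pointer indexes the matching entry of the array above */
static CONST gss_OID_desc * CONST gss_mech_krb5 =
    my_krb5_gss_oid_array+0;
static CONST gss_OID_desc * CONST gss_mech_krb5_v2 =
    my_krb5_gss_oid_array+1;
static CONST gss_OID_desc * CONST gss_nt_krb5_name =
    my_krb5_gss_oid_array+2;
static CONST gss_OID_desc * CONST gss_nt_krb5_principal =
    my_krb5_gss_oid_array+3;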

> Looking at the gss-api code it looks like gss_add_cred tests for the 
> two mechanisms - gss_mech_krb5 & gss_mech_krb5_old - explicitly. These
> do not appear to be exported through gssapi32.lib so cannot be 
> resolved at link time. None of the other defined mechanisms appear to 
> match the tested values.

The gss_mech_krb5 and gss_mech_krb5_old which are tested within 
gss_add_cred() are global variables internal to the library and will not
result in linkage errors.  A linkage error will only occur if you 
attempt to reference these internal variables within the application 
linked to the gssapi32.dll.

Jeffrey Altman 
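
An added example, not part of the original message or of the MIT library: when an application keeps its own table of mechanism OIDs as suggested above, the octal byte strings can be decoded to dotted form and compared against the intended OIDs (1.2.840.113554.1.2.2 is the RFC-specified Kerberos 5 mechanism). The type oid_desc is a hypothetical stand-in for gss_OID_desc so the check builds without gssapi.h, and oid_to_dotted is a hypothetical helper name.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for gss_OID_desc: length plus DER content octets. */
typedef struct { unsigned int length; const void *elements; } oid_desc;

/* OID bytes copied from the array in the message above. */
static const oid_desc krb5_oids[] = {
    {9,  "\052\206\110\206\367\022\001\002\002"},
    {9,  "\052\206\110\206\367\022\001\002\003"},
    {10, "\052\206\110\206\367\022\001\002\002\001"},
    {10, "\052\206\110\206\367\022\001\002\002\002"},
};

/* Decode DER OID content octets into dotted form.
 * Returns 0 on success, -1 on a truncated OID, arc overflow or short buffer. */
int oid_to_dotted(const oid_desc *oid, char *out, size_t outlen)
{
    const unsigned char *p = oid->elements;
    unsigned long arc = 0;
    size_t used = 0;
    int first = 1, n;
    unsigned int i;

    if (oid->length == 0 || outlen == 0) return -1;
    for (i = 0; i < oid->length; i++) {
        if (arc > (ULONG_MAX >> 7)) return -1;   /* arc would overflow */
        arc = (arc << 7) | (p[i] & 0x7f);        /* base-128, big-endian */
        if (p[i] & 0x80) continue;               /* continuation bit set */
        if (first) {                             /* first value is 40*X + Y */
            unsigned long x = arc < 80 ? arc / 40 : 2;
            n = snprintf(out + used, outlen - used, "%lu.%lu", x, arc - 40 * x);
            first = 0;
        } else {
            n = snprintf(out + used, outlen - used, ".%lu", arc);
        }
        if (n < 0 || (size_t)n >= outlen - used) return -1;
        used += (size_t)n;
        arc = 0;
    }
    /* The final octet must terminate a subidentifier. */
    return (p[oid->length - 1] & 0x80) ? -1 : 0;
}

int main(void)
{
    char buf[64];
    for (size_t i = 0; i < sizeof krb5_oids / sizeof krb5_oids[0]; i++)
        if (oid_to_dotted(&krb5_oids[i], buf, sizeof buf) == 0)
            puts(buf);
    return 0;
}
```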