GSSAPI client on Windows

SFBZH@aol.com SFBZH at aol.com
Tue Jul 5 04:04:59 EDT 2005


I have two computers:
pc36 is a Linux Red Hat 6.2 station supporting the kdc and the service.
pc35 is a Windows 98 station supporting the client.
I try to code the client with MIT krb5 gssapi. The error occurs with gss_init_sec_context.

My problem occurs before the service becomes useful, so I won't talk about it.

The KDC (MIT kerberos KDC) contains these entries:
The entries are as follows:
kadmin/admin at DOMAIN.COM
kadmin/changepw at DOMAIN.COM
kadmin/history at DOMAIN.COM
kadmin/pc36 at DOMAIN.COM
krbtgt/DOMAIN.COM at DOMAIN.COM
server/pc36 at DOMAIN.COM
user at DOMAIN.COM

On the W98 "pc35", I get the TGT & the ticket service with kinit:
kinit -5 user
kinit -5 -S server/pc36 at DOMAIN.COM

I check the cache with klist. Both tickets are here:

> Ticket cache: API:krb5cc
> Default principal: user at DOMAIN.COM
>
> Valid starting     Expires            Service principal
> 07/05/05 09:59:42  07/05/05 20:00:00  server/pc36 at DOMAIN.COM
>
> Kerberos 4 ticket cache: API:krb4cc
> KLIST.EXE: No ticket file (tf_util)

Now, I'll create a client with the MIT krb5 gssapi which will acquire cred & init_sec_context:
First, I init the client and the service names.
I create two gss_buffer_t. I fill one with "user at DOMAIN.COM" and the other with "server/pc36 at ETIAM.COM". I edit the length field and I put those two names in gss_name_t structures with gss_import_name. The client gss_name_t is "local_name" and the service gss_name_t is "server_name".
I set the gss_cred_id_t "cred_handle":

majs = gss_acquire_cred(&mins, local_name, GSS_C_INDEFINITE,
  GSS_C_NO_OID_SET, GSS_C_INITIATE, &cred_handle, NULL, NULL);

majs is 0. The cred_handle seems to be OK.

Now, I set the gss_ctx_id_t "context_handle" and the gss_buffer_t "tocken":

majs = gss_init_sec_context(&mins, cred_handle,
  &context_handle, server_name, GSS_C_NULL_OID,
  GSS_C_MUTUAL_FLAG | GSS_C_DELEG_FLAG, GSS_C_INDEFINITE,
  NULL, GSS_C_NO_BUFFER, &oid, tocken, NULL, NULL);

The error is "An invalid name was supplied". (gss_display_status with majs)
mins = -2045022973
majs = 50462720
The server_name is "server/pc36 at DOMAIN.COM" and the ticket in the local cache is also "server/pc36 at DOMAIN.COM".

What am I doing wrong?
If you need any other detail (krb5.ini for example), feel free to ask.

Best regards

M
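
An added example, not part of the original post: the major status reported above (majs = 50462720) split into the calling-error, routine-error and supplementary fields that RFC 2744 defines for a GSS-API major status word. The helper names (decode_major, calling_name, routine_name) are made up for this example; the minor status is mechanism-specific and is not decoded here.

```c
#include <stdio.h>
#include <stdint.h>
#include <string.h>

/* Field layout of a GSS-API major status word (RFC 2744 C bindings). */
#define CALLING_SHIFT 24
#define ROUTINE_SHIFT 16
#define FIELD_MASK    0xFFu     /* calling and routine fields are 8 bits each */
#define SUPP_MASK     0xFFFFu   /* supplementary info is the low 16 bits */

struct gss_major { unsigned calling, routine, supplementary; };

/* Split a major status into its three fields (hypothetical helper). */
static struct gss_major decode_major(uint32_t majs)
{
    struct gss_major m;
    m.calling = (majs >> CALLING_SHIFT) & FIELD_MASK;
    m.routine = (majs >> ROUTINE_SHIFT) & FIELD_MASK;
    m.supplementary = majs & SUPP_MASK;
    return m;
}

/* Calling errors: problems with the arguments as passed by the caller. */
static const char *calling_name(unsigned c)
{
    static const char *names[] = { "none", "GSS_S_CALL_INACCESSIBLE_READ",
        "GSS_S_CALL_INACCESSIBLE_WRITE", "GSS_S_CALL_BAD_STRUCTURE" };
    return c < sizeof names / sizeof names[0] ? names[c] : "unknown";
}

/* Routine errors: the failure reported by the GSS-API routine itself. */
static const char *routine_name(unsigned r)
{
    static const char *names[] = { "none", "GSS_S_BAD_MECH", "GSS_S_BAD_NAME",
        "GSS_S_BAD_NAMETYPE", "GSS_S_BAD_BINDINGS", "GSS_S_BAD_STATUS",
        "GSS_S_BAD_SIG", "GSS_S_NO_CRED", "GSS_S_NO_CONTEXT",
        "GSS_S_DEFECTIVE_TOKEN", "GSS_S_DEFECTIVE_CREDENTIAL",
        "GSS_S_CREDENTIALS_EXPIRED", "GSS_S_CONTEXT_EXPIRED", "GSS_S_FAILURE",
        "GSS_S_BAD_QOP", "GSS_S_UNAUTHORIZED", "GSS_S_UNAVAILABLE",
        "GSS_S_DUPLICATE_ELEMENT", "GSS_S_NAME_NOT_MN" };
    return r < sizeof names / sizeof names[0] ? names[r] : "unknown";
}

int main(void)
{
    uint32_t majs = 50462720u;  /* major status value quoted in the post */
    struct gss_major m = decode_major(majs);
    printf("major 0x%08x: calling=%s routine=%s supplementary=0x%04x\n",
           (unsigned)majs, calling_name(m.calling), routine_name(m.routine),
           m.supplementary);
    return 0;
}
```

The routine-error field matches the "An invalid name was supplied" text from gss_display_status; the calling-error field is a separate part of the same status word and is worth printing alongside it when debugging.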

