GSSAPI client on Windows

Douglas E. Engert deengert at anl.gov
Tue Jul 5 15:48:50 EDT 2005 


SFBZH at aol.com wrote:

> Thank you Jeffrey but my program still fails the same way.
> 
> I have replaced my "server/pc36 at DOMAIN.COM" with a "server/pc36.domain.com at DOMAIN.COM" in the KDC.
> I have imported the ticket in the pc35 local cache and I have modified my client program to ask for server/pc36.domain.com at DOMAIN.COM credentials:
> 
> 
>>/* create server name */
>>name_string = (char *)malloc(32 * sizeof(char));
>>strcpy(name_string, "server/pc36.domain.com at DOMAIN.COM");
>>
>>name_buffer=(gss_buffer_t)malloc(sizeof(gss_buffer_t));
>>name_buffer->value = name_string;
>>name_buffer->length = strlen(name_buffer->value) + 1;
>>
>>majs = gss_import_name(&mins, name_buffer, 
>> GSS_C_NT_HOSTBASED_SERVICE, &server_name);

gss_import_name takes a <service>@<host> which is not a principal
so you shold be passing "server at pc36.domain.com".  The Kerberos
gssapi will map this to a principal and figure out the realm.


>>gss_release_buffer(&mins, name_buffer);
>>
>>/* get service credentials */
>>tocken=(gss_buffer_t)malloc(sizeof(gss_buffer_t));
>>majs = gss_init_sec_context(&mins, cred_handle,
>> &context_handle, server_name, GSS_C_NULL_OID,
>> GSS_C_MUTUAL_FLAG | GSS_C_DELEG_FLAG, GSS_C_INDEFINITE,
>> NULL, GSS_C_NO_BUFFER, &oid, tocken, NULL, NULL);
> 
> 
> The test is exactly the same as the one described in my previous mail. The only difference is the service name. The result is exacly the same: "An invalid name was supplied" with the same values in mins and majs.
> 
> I must be doing an other mistake.
> 
> My host file contains:
> 
>>aaa.bbb.ccc.36  pc36.domain.com  pc36
> 
> 
> and my krb5.ini:
> 
>>[libdefaults]
>>  default_domain = domain.com
>>  default_realm = DOMAIN.COM
>>
>>[realms]
>>  DOMAIN.COM = {
>>      admin_server = pc36:750
>>      kdc = pc36:88
>>  }
> 
> 
> Best regards
> 
> M
> _______________________________________________
> krbdev mailing list             krbdev at mit.edu
> https://mailman.mit.edu/mailman/listinfo/krbdev
> 
> 
> 

-- 

  Douglas E. Engert  <DEEngert at anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444

More information about the krbdev mailing list