GSSAPI client on Windows SFBZH at
Mon Jul 4 12:55:50 EDT 2005

I have a MIT KDC on an UNIX station called pc36.
The entries are as follow:
kadmin/admin at DOMAIN.COM
kadmin/changepw at DOMAIN.COM
kadmin/history at DOMAIN.COM
kadmin/pc36 at DOMAIN.COM
server/pc36 at DOMAIN.COM
user at DOMAIN.COM

I want to create a client on a window 98 station (pc35) who will authenticate as user and who will contact a service server/pc36 on pc36

First, I create a cache on the W 98 station:
kinit user
kinit -S server/pc36 at DOMAIN.COM

I check that the TGT and the service ticket are in the cache with klist. I have 2 krb5 tickets. It's OK.

Now, I have to import them in the client.
(From now, we are in a C program using gssapi. I will only speak about the client: it fails in a situation where the server is not usefull)

I put "user at DOMAIN.COM" in a gss_buffer_t. I set the length. I gss_import_name this in a gss_name_t (local_name) and I release the buffer.

I do the same thing with the server name "server/pc36 at DOMAIN.COM" in server_name

I acquire the credential with the user name and default walues:
majs = gss_acquire_cred(&mins, local_name,
  &cred_handle, NULL, NULL);
No pb

I try to acquire the security_context and it fails.
majs = gss_init_sec_context(&mins, cred_handle,
  &context_handle, server_name, GSS_C_NULL_OID,
  NULL, GSS_C_NO_BUFFER, &oid, tocken, NULL, NULL);
The error is "An invalid name was supplied". I suppose it refers to the service name (server/pc36 at DOMAIN.COM).

I have made an other test with a different name for the server:
The KDC is exactly the same. I get the TGT and the service ticket in the cache. I just modify the service name in the client code. I put "server/pc36" instead of "server/pc36 at DOMAIN.COM". It fails again but the error generated by gss_init_sec_context is different and I don't understand it.
The majs (major status) is 524288
gss_display_status says: "No context has been established"
The minor status is -2045022973

What should I do to make it work?
My krb5.ini seems to be OK but I can send it to you if you want...


More information about the krbdev mailing list