GSSAPI client on Windows
SFBZH at aol.com
Mon Jul 4 12:55:50 EDT 2005
I have a MIT KDC on an UNIX station called pc36.
The entries are as follow:
kadmin/admin at DOMAIN.COM
kadmin/changepw at DOMAIN.COM
kadmin/history at DOMAIN.COM
kadmin/pc36 at DOMAIN.COM
krbtgt/DOMAIN.COM at DOMAIN.COM
server/pc36 at DOMAIN.COM
user at DOMAIN.COM
I want to create a client on a window 98 station (pc35) who will authenticate as user and who will contact a service server/pc36 on pc36
First, I create a cache on the W 98 station:
kinit -S server/pc36 at DOMAIN.COM
I check that the TGT and the service ticket are in the cache with klist. I have 2 krb5 tickets. It's OK.
Now, I have to import them in the client.
(From now, we are in a C program using gssapi. I will only speak about the client: it fails in a situation where the server is not usefull)
I put "user at DOMAIN.COM" in a gss_buffer_t. I set the length. I gss_import_name this in a gss_name_t (local_name) and I release the buffer.
I do the same thing with the server name "server/pc36 at DOMAIN.COM" in server_name
I acquire the credential with the user name and default walues:
majs = gss_acquire_cred(&mins, local_name,
GSS_C_INDEFINITE, GSS_C_NO_OID_SET, GSS_C_INITIATE,
&cred_handle, NULL, NULL);
I try to acquire the security_context and it fails.
majs = gss_init_sec_context(&mins, cred_handle,
&context_handle, server_name, GSS_C_NULL_OID,
GSS_C_MUTUAL_FLAG | GSS_C_DELEG_FLAG, GSS_C_INDEFINITE,
NULL, GSS_C_NO_BUFFER, &oid, tocken, NULL, NULL);
The error is "An invalid name was supplied". I suppose it refers to the service name (server/pc36 at DOMAIN.COM).
I have made an other test with a different name for the server:
The KDC is exactly the same. I get the TGT and the service ticket in the cache. I just modify the service name in the client code. I put "server/pc36" instead of "server/pc36 at DOMAIN.COM". It fails again but the error generated by gss_init_sec_context is different and I don't understand it.
The majs (major status) is 524288
gss_display_status says: "No context has been established"
The minor status is -2045022973
What should I do to make it work?
My krb5.ini seems to be OK but I can send it to you if you want...
More information about the krbdev