GSSAPI client on Windows

SFBZH@aol.com SFBZH at aol.com
Thu Jul 7 05:29:04 EDT 2005


"Douglas E. Engert" <deengert at anl.gov> wrote:
>Try using the ethereal program on the client to trace network activity.
>It might show what is going on, including Kerberos traffic with the
>KDC.
The problem doesn't seem to be a network problem because I import the TGT & the service ticket in the local cache before starting the client. Anyway, I have tried to use ethereal.

If the TGT & the service ticket are in the local cache, no network activity is generated between pc35 & pc36 (not even an ARP request) by gss_init_sec_context.

If the TGT is in the local cache and not the server ticket, no network activity is generated between pc35 & pc36 by gss_init_sec_context.

Both tests generate a major status of 524288 ("No context has been established") and a minor status of -2045022973. This minor status value is defined in gssapi_err_generic.h as G_VALIDATE_FAILED. If I send it to gss_display_status, the "readable text" string returned is "Unknown routine error (field = 27)". I don't know what it refers to. (In fact, I don't even know if it reports an unknown routine or an unknown error.)

The conclusion of these tests is that my client program never uses any distant resource. The problem probably comes from the way I use the API, from the compiler configuration or from the local Kerberos configuration. It doesn't seem to come from the KDC nor from a network problem.

M
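
The two status values quoted in the message above, split with the major-status bit layout from RFC 2744, as an added example that is not part of the original post. The function names are illustrative; the bit offsets and routine-error names are those of RFC 2744. It shows that 524288 carries routine error 8 (GSS_S_NO_CONTEXT) and that the minor value, when read as a GSS (major) code, has 27 in its routine-error field.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Major-status layout from RFC 2744: calling error in bits 24-31,
 * routine error in bits 16-23, supplementary info in bits 0-15. */
unsigned calling_error(uint32_t s)      { return (s >> 24) & 0xFFu; }
unsigned routine_error(uint32_t s)      { return (s >> 16) & 0xFFu; }
unsigned supplementary_bits(uint32_t s) { return s & 0xFFFFu; }

/* Routine error names from RFC 2744, indexed by field value. */
static const char *const routine_names[] = {
    "(none)", "GSS_S_BAD_MECH", "GSS_S_BAD_NAME", "GSS_S_BAD_NAMETYPE",
    "GSS_S_BAD_BINDINGS", "GSS_S_BAD_STATUS", "GSS_S_BAD_SIG",
    "GSS_S_NO_CRED", "GSS_S_NO_CONTEXT", "GSS_S_DEFECTIVE_TOKEN",
    "GSS_S_DEFECTIVE_CREDENTIAL", "GSS_S_CREDENTIALS_EXPIRED",
    "GSS_S_CONTEXT_EXPIRED", "GSS_S_FAILURE", "GSS_S_BAD_QOP",
    "GSS_S_UNAUTHORIZED", "GSS_S_UNAVAILABLE", "GSS_S_DUPLICATE_ELEMENT",
    "GSS_S_NAME_NOT_MN"
};

/* Name of the routine-error field, or a fallback for undefined values. */
const char *routine_name(uint32_t s)
{
    unsigned f = routine_error(s);
    size_t n = sizeof routine_names / sizeof routine_names[0];
    return f < n ? routine_names[f] : "unknown routine error";
}

/* A status printed as a signed decimal, viewed as the 32-bit word it is. */
uint32_t as_u32(long long v) { return (uint32_t)v; }

void dump(const char *label, uint32_t s)
{
    printf("%s: 0x%08lX calling=%u routine=%u (%s) supplementary=0x%04X\n",
           label, (unsigned long)s, calling_error(s), routine_error(s),
           routine_name(s), supplementary_bits(s));
}

int main(void)
{
    /* Values quoted in the message above. */
    dump("major 524288", as_u32(524288));
    dump("minor -2045022973 read as a GSS code", as_u32(-2045022973LL));
    return 0;
}
```

gss_display_status takes a status_type argument: GSS_C_GSS_CODE decodes the value with this bit layout, while GSS_C_MECH_CODE treats it as a mechanism-specific minor status.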

