GSSAPI client on Windows

Douglas E. Engert deengert at anl.gov
Thu Jul 7 10:36:01 EDT 2005 


SFBZH at aol.com wrote:

> "Douglas E. Engert" <deengert at anl.gov> wrote:
> 
>>Try using the ethereal program on the clientto trace network activity.
>>It might show what is goinhg on, including Kerberos traffic with the
>>KDC.
> 
> The problem doesn't seem to be a network problem because I import the TGT & the service ticket in the local cache before starting the client. Anyway, I have tried to use ethereal.
> 

Not sure what you mean by "import the TGT & service ticket"
The gssapi libs will get a service ticket for you. You should use kinit
to get the TGT for the the user.

Make sure you are getting the correct gssapi32.dll and krb5_32.dll. Several other packages
may have provided versions.


> If the TGT & the service ticket are in the local cache, no network activity is generated between pc35 & pc36 (not even a ARP request) by gss_init_sec_context.
> 
> If the TGT is in the local cache and not the server ticket, no network activity is generated between pc35 & pc36 by gss_init_sec_context.
> 
> both tests generate a major status of 524288 ("No context has been established") and a minor status of -2045022973. This minor status value is defined in gssapi_err_generic.h as G_VALIDATE_FAILED. If I send it to gss_display_status, the "readable text" string returned is "Unknown routine error (field = 27)". I don't know what it refers to. (In fact, I don't even know if it reports an unknown routine or an unknown error.)
> 
> The conclusion of these test is that my client program never use any distant ressource. The problem probably comes from the way I use the api, from the compiler configuration or from the local Kerberos configuration. It doesn't seem to come from the KDC nor from a network problem.
> 
> M
> _______________________________________________
> krbdev mailing list             krbdev at mit.edu
> https://mailman.mit.edu/mailman/listinfo/krbdev
> 
> 
> 

-- 

  Douglas E. Engert  <DEEngert at anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444

More information about the krbdev mailing list