gss_accept_sec_context failing after getting service ticket using service name and password

Gaurav Gaba gauravg77 at
Fri May 26 02:14:24 EDT 2006


I am trying to get service ticket using service name and password.

I have been successful in doing so. The steps that I have followed are:
 krb5_get_init_creds_password() to obtain a tgt,
 then krb5_cc_default(),
 then krb5_cc_initialize(),
 and krb5_cc_store_cred() to store the tgt in the cache.

After this I have obtained a service ticket for ldap service using
So far this is easy. :-)

Now, I want to do accept context by invoking gss_accept_sec_context() but it
requires the credentials
in gss_cred_id_t form whereas krb5_get_credentials() returns creds in
krb5_creds form. Is there a way
to convert from krb5_creds to gss_cred_id_t?

I also tried explicitly storing the service ticket in default credentials
cache using krb5_cc_store_cred()
and then making the call to gss_accept_sec_context() with
acceptor_cred_handle as GSS_C_NO_CREDENTIAL so that
it picks up default credentials but gss_accept_sec_context() call fails.

Thanks in advance.

- Gaurav G.

More information about the krbdev mailing list