gss_accept_sec_context failing after getting service ticket using service name and password

Nicolas Williams Nicolas.Williams at
Fri May 26 02:25:39 EDT 2006

On Fri, May 26, 2006 at 11:44:24AM +0530, Gaurav Gaba wrote:
> Now, I want to do accept context by invoking gss_accept_sec_context() but it

Er, I think you want gss_init_sec_context() here.

> requires the credentials
> in gss_cred_id_t form whereas krb5_get_credentials() returns creds in
> krb5_creds form. Is there a way
> to convert from krb5_creds to gss_cred_id_t?

No, there isn't.

For Solaris Nevada we're looking at adding a mechanism-specific
gss_acquire_cred_from_ccache() GSS-API extension.

In the meantime you can use the KRB5CCNAME environment variable to
reference the ccache you wrote the ticket to.

> I also tried explicitly storing the service ticket in default credentials
> cache using krb5_cc_store_cred()
> and then making the call to gss_accept_sec_context() with
> acceptor_cred_handle as GSS_C_NO_CREDENTIAL so that
> it picks up default credentials but gss_accept_sec_context() call fails.

That's because you should probably be using gss_init_sec_context().

More information about the krbdev mailing list