gss_accept_sec_context failing after getting service ticket using service name and password
Nicolas.Williams at sun.com
Fri May 26 02:25:39 EDT 2006
On Fri, May 26, 2006 at 11:44:24AM +0530, Gaurav Gaba wrote:
> Now, I want to do accept context by invoking gss_accept_sec_context() but it
Er, I think you want gss_init_sec_context() here.
> requires the credentials
> in gss_cred_id_t form whereas krb5_get_credentials() returns creds in
> krb5_creds form. Is there a way
> to convert from krb5_creds to gss_cred_id_t?
No, there isn't.
For Solaris Nevada we're looking at adding a mechanism-specific
gss_acquire_cred_from_ccache() GSS-API extension.
In the meantime you can use the KRB5CCNAME environment variable to
reference the ccache you wrote the ticket to.
> I also tried explicitly storing the service ticket in default credentials
> cache using krb5_cc_store_cred()
> and then making the call to gss_accept_sec_context() with
> acceptor_cred_handle as GSS_C_NO_CREDENTIAL so that
> it picks up default credentials but gss_accept_sec_context() call fails.
That's because you should probably be using gss_init_sec_context().
More information about the krbdev