InitializeSecurityContext fails with SEC_E_TARGET_UNKNOWN

Manoj Mohan manojm at us.ibm.com
Tue Jan 15 09:55:50 EST 2008 

Hi,

I am trying to write a client/server app using SSPI with KDC on windows.
Here are the steps which I am following:

1) created the ol_demo account on AD with following properties : passwd
never expires, account is sensitive and cannot be delegated, and use DES 

2)My setspn command looks like this:
setspn -A ol_demo/davedspc.lenexa.abc.com at TESTMART.LENEXA.ABC.COM ol_demo
Registering ServicePrincipalNames for
CN=ol_demo,CN=Users,DC=testmart,DC=lenexa,DC=ABC,DC=com
        ol_demo/davedspc.lenexa.abc.com at TESTMART.LENEXA.ABC.COM

3)On client side the code looks like this
.............
req_flags =
ISC_REQ_DELEGATE|ISC_REQ_MUTUAL_AUTH|ISC_REQ_CONFIDENTIALITY|ISC_REQ_INTEGRITY;
............
strcpy(server_name,"ol_demo/davedspc.lenexa.abc.com at TESTMART.LENEXA.ABC.COM");
........
    name_buffer.length = strlen(server_name);
    name_buffer.value = server_name;
    /* NOTE: This function is just memcpy to target_name from name_buffer */
    maj_stat = gss_import_name(&min_stat, &name_buffer, mech_type,
&target_name);
...........
       ss = AcquireCredentialsHandle( NULL,    /* obtain default credentials
*/
                                  "Kerberos",
                                  SECPKG_CRED_OUTBOUND,
                                  NULL,    /* pvLogonID */
                                  NULL,    /* pAuthData */
                                  NULL,    /* pGetKeyFn */
                                  NULL,    /* pvGetKeyArgument */
                                  &credHandle,
                                  NULL );  /* ptsExpiry */
.........
  ss = InitializeSecurityContext( pCredHandle,
                                  pInCtxHandle,
                                  (char *) target_name,
                                  req_flags,
                                  0,       /* Reserved1 */
                                  SECURITY_NATIVE_DREP,
                                  pInToken,
                                  0,       /* Reserved2 */
                                  pOutCtxHandle,
                                  &outToken,
                                  &outFlags,
                                  &lifetime );

  majorStatus = mapSStoGSSAPIstatus( ss );
  if( ss != SEC_E_OK && ss != SEC_I_CONTINUE_NEEDED )
  {

    goto error;
  }

Here ss is 80090303 or SEC_E_TARGET_UNKNOWN 

4) In the event log on KDC I can see  that we are getting
KDC_ERR_C_PRINCIPAL_UNKNOWN

Any idea guys?

Thanks in advance,

Manoj

-- 
View this message in context: http://www.nabble.com/InitializeSecurityContext-fails-with-SEC_E_TARGET_UNKNOWN-tp14841369p14841369.html
Sent from the Kerberos - Dev mailing list archive at Nabble.com.

More information about the krbdev mailing list