GSSAPI Question

Shirish Rai srai at
Wed Nov 25 16:12:19 EST 2009

I am trying to get GSSAPI client working with a Java based GSSAPI server.
The underlying mechanism is of Kerberos. I first get a TGT and Service
Ticket via Kerberos and then try to start the GSSAPI. I need to explicitly
pass the credentials to be used. They cannot be the default user logged on
etc.  However I keep getting the following error: 


GSS-API error gss_krb5_acquire_cred: Unspecified GSS failure.  Minor code
may pro

vide more information

GSS-API error gss_krb5_acquire_cred: No credentials cache found


I have looked at the code a bit and it seem GSS creates a new KRB context.
Is there a way to tell GSS to use an existing context and/or ccache. I tried
this with the gss_krb5_ccache_name API. But that did not change anything. 


I guess there must be a way to only user GSSAPI as well. If that is the
correct way to go about his, is there an example I can look at.


Here is the relevant code:


Any help would be greatly appreciated. 







struct k5_data {

      krb5_context ctx;

      krb5_ccache cc;

      krb5_principal me;

      char* name;




int _tmain(int argc, _TCHAR* argv[])


      struct k5_data k5;

      memset(&k5, 0, sizeof(k5));

      krb5_error_code code = 0;

      krb5_creds my_creds;

      krb5_get_init_creds_opt *options = NULL;

      display_file = stdout;


      cout << "Starting Program " << endl;


      code = krb5_init_context(&k5.ctx);

      if (code) {

            com_err("GSSAPI", code, " while initializing library");

            goto done;


      cout << "done context" << endl;

      code = krb5_cc_default(k5.ctx, &;

      if (code) {

            com_err("GSSAPI", code, " while initializing cache");

            goto done;


      const char* cache_name = krb5_cc_get_name(k5.ctx,;

      cout << "The name of default cache is " << cache_name << endl;

      cout << "done cc cache" << endl;

      code = krb5_parse_name(k5.ctx, USER_PRINCIPAL, &;

      if (code) {

            com_err("GSSAPI", code, " while parsing principal");

            goto done;


      cout << "done parse name" << endl;

      code = krb5_get_init_creds_opt_alloc(k5.ctx, &options);

      if (code) {

            com_err("GSSAPI", code, " while allocating options");

            goto done;


      cout << "done alloc of options" << endl;

      code = krb5_get_init_creds_password(k5.ctx, &my_creds,,


      if (code) {

            com_err("GSSAPI", code, " while init_creds_password");

            goto done;


      cout << "Got service ticket" << endl;


      cout << "Establishing GSS context " << endl;

      OM_uint32 min_stat;

      const char* out_name;

      OM_uint32 maj_stat = gss_krb5_ccache_name(&min_stat, cache_name,

      if (maj_stat != GSS_S_COMPLETE) {

            display_status("gss_krb5_ccache_name", maj_stat, min_stat);



      gss_name_t desired_name;

      gss_cred_id_t cred;

      gss_buffer_desc name_tok;

      name_tok.value = USER_PRINCIPAL;

      name_tok.length = strlen(USER_PRINCIPAL);

      memset(&cred, 0, sizeof(cred));

      maj_stat = gss_import_name(&min_stat, &name_tok,

            (gss_OID) gss_nt_service_name,


      if (maj_stat != GSS_S_COMPLETE) {

            display_status("parsing name", maj_stat, min_stat);

            goto done;


      maj_stat = gss_acquire_cred(&min_stat, desired_name, GSS_C_INDEFINITE,


      if (maj_stat != GSS_S_COMPLETE) {

            display_status("gss_krb5_acquire_cred", maj_stat, min_stat);

            goto done;








-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5093 bytes
Desc: not available
Url :

More information about the krbdev mailing list