Cannot get name from default acceptor cred

Sriram Nambakam snambakam at
Wed Mar 9 14:10:08 EST 2011

Could someone please confirm if a call to gss_inquire_cred(...) returns
successfully, a valid name must also be returned?


The scenario that fails for me is when we create default acceptor
credentials using gss_acquire_cred(...) followed subsequently by a call
to gss_inquire_cred(...).


In this case, the MIT implementation assigns the keytab to the cred. The
name in the cred remains null (no default?).

I believe, this is because the keytab can have more than one principal,
and at this point, it is not possible to determine which one should be
assigned to the name.


When this cred (with keytab) is used as part of
gss_accept_security_context(...), the principal will be taken from the
incoming token?


I am trying to run the SAP gsstest against the MIT krb5 gss library, and
it fails in two cases when trying to acquire default credentials.



More information about the krbdev mailing list