krb5 1.9.1 gss_accept_sec_context() returning major=851968 minor=100001

[Greg Hudson]

On 09/27/2012 01:20 PM, Adam McLaurin wrote:
> If it helps, I noticed by running my application in GDB that the value
> of '*minor_status' inside gss_accept_sec_context() at the point of
> function return is 2529639056 ("Wrong principal in request"), but after
> the function returns my application thinks the value is 100001. I have
> no idea how this mismatch could occur. This is a C++ application running
> on 64-bit Linux, in case it matters.

If our mechglue sees the same minor code returned by two different
mechs, it maps the second code to a value like 100001.  Because of the
four different krb5 mech OIDs and SPNEGO, minor code collisions happen
in practice more often than one might expect.

gss_display_name() should be able to map the fake code number back to
the original mech and minor code, and from there to the appropriate
error message.  If it's not doing so in your case, we'll need more
details to figure out why.