Regarding Credential Cache

Mohit Aggrawal mohit500 at gmail.com
Wed May 29 09:25:36 EDT 2013


Thanks, Benjamin, for the details. I have debugged the code, and our analysis
is as follows.

We have built and copied the Kerberos library to our Windows system, so the
registry values are not initialized. I have debugged the code
of the function *krb5_cc_default_name* and found that we check the
environment variable *KRB5_ENV_CCNAME*, and if it is not set, we
call the functions *get_from_os* and *get_from_os_buffer*, in which we
check the registry values under HKCU and HKLM; if they are not present,
we initialize *os_ctx->default_ccname* as *API:krb5cc*.

After that, as shown in the code snippet, we pass the default_name value
*API:krb5cc* to *krb5_cc_resolve*, and after debugging this function I have
found that the *find_server* function in file client.cxx, line no. 383, is
failing. After debugging the *find_server* function,
I found that *sWaitForSingleObject(hEvent, (SECONDS_TO_WAIT)*1000);* is
returning 258 and the function *RpcMgmtIsServerListening(ccs_request_IfHandle);*
is returning 1715. In the stack unwinding phase,
*cci_os_ipc_thread_init* in file *ccapi_os_ipc.cxx* is returning 1813, which
is passed on to the other higher layers and at last returned by the function
krb5_cc_default.
I have checked the system error codes, which give its meaning as
*ERROR_RESOURCE_TYPE_NOT_FOUND*.
Do I need to configure or set any resource for Kerberos 1.11?

I have also observed that the *endpoint* parameter in the
*find_server* function is taking the value
*krbcc.999.0.ep*. Is it correct?

We were using the Kerberos library 1.5.3 previously and are now
upgrading it to 1.11. Please let me know if we need to do some extra
configuration and setting for Kerberos 1.11.

Let me know if any other details are required from me.

-Many Thanks
      Mohit



On Wed, May 29, 2013 at 12:59 AM, Benjamin Kaduk <kaduk at mit.edu> wrote:

> On Mon, 27 May 2013, Mohit Aggrawal wrote:
>
>> I am using Kerberos 1.11 built using Visual Studio 2010. In our code we
>> are calling krb5_cc_default after calling krb5_init_context. The call to
>> krb5_init_context is successful while the call to krb5_cc_default is
>> failing, i.e. the return value is not zero.
>> Please let us know if I need to modify or change the value of parameters
>> so that the call to krb5_cc_default is successful. I am sending the code
>> snippet and the value of parameters.
>>
>
> The interesting bits of krb5_cc_default are in
> src/lib/krb5/os/ccdefname.c.  The Windows behavior is rather different
> from the Unix behavior.
> I wonder, what is the value of the HKCU\Software\MIT\Kerberos5\ccname
> registry entry?  The KfW installer should set it to "API:"; I am not
> entirely sure offhand what behavior to expect if it is not set at all.
> (The HKLM version of that entry is also checked.)
>
>
>> krb5_context context value is
>>
>> - context 0x1ab152d8 {magic=-1760647388 in_tkt_etypes=0x00000000
>> tgs_etypes=0x00000000 ...} _krb5_context *
>> magic -1760647388 int
>> + in_tkt_etypes 0x00000000 int *
>> + tgs_etypes 0x00000000 int *
>> + os_context {magic=-1760647387 time_offset=0 usec_offset=0 ...}
>> _krb5_os_context
>>
>
> Probably, the call to krb5_cc_default_name is falling back to
> os_context->default_ccname, you might look at that in the debugger.
>
> -Ben Kaduk
>

