gss_store_cred_into() and gss_acquire_cred_from() on a client specific basis

Greg Hudson ghudson at
Fri May 24 10:56:45 EDT 2019

On 5/24/19 9:38 AM, moore moore wrote:
> But the subsequent call to gss_acquire_cred_from() ( same code path as
> above ) fails with:
> [10940] 1558700394.80066: Retrieving clientuser1 at TEST.COM from
> FILE:/krb5/dest/var/krb5/user/0/client.keytab (vno 0, enctype 0) with
> result: 2/Key table file '/krb5/dest/var/krb5/user/0/client.keytab' not
> found

As I said before, this trace message is not why the operation is
failing.  If acquire_cred cannot find creds in the ccache, it will check
if they could be acquired via a client keytab.  You need to look for the
ccache operations that failed earlier in the trace output.

> So why is the there a difference on gss_acquire_cred_from() between
> MEMORY:MY_CRED_STORE with a ccname of "clientuser1 at TEST.COM"
> and
> MEMORY:clientuser1 at TEST.COM with a ccname of  "clientuser1 at TEST.COM"

I can't answer this without seeing the actual relevant trace messages.

More information about the krbdev mailing list