gss_store_cred_into() and gss_acquire_cred_from() on a client specific basis
ghudson at mit.edu
Fri May 24 10:56:45 EDT 2019
On 5/24/19 9:38 AM, moore moore wrote:
> But the subsequent call to gss_acquire_cred_from() ( same code path as
> above ) fails with:
>  1558700394.80066: Retrieving clientuser1 at TEST.COM from
> FILE:/krb5/dest/var/krb5/user/0/client.keytab (vno 0, enctype 0) with
> result: 2/Key table file '/krb5/dest/var/krb5/user/0/client.keytab' not
As I said before, this trace message is not why the operation is
failing. If acquire_cred cannot find creds in the ccache, it will check
if they could be acquired via a client keytab. You need to look for the
ccache operations that failed earlier in the trace output.
> So why is the there a difference on gss_acquire_cred_from() between
> MEMORY:MY_CRED_STORE with a ccname of "clientuser1 at TEST.COM"
> MEMORY:clientuser1 at TEST.COM with a ccname of "clientuser1 at TEST.COM"
I can't answer this without seeing the actual relevant trace messages.
More information about the krbdev