[36523] in Kerberos
Re: Not getting delegation credential from gss_accept_sec_context()
daemon@ATHENA.MIT.EDU (Greg Hudson)
Wed Oct 8 17:10:25 2014
Message-ID: <5435A835.5090105@mit.edu>
Date: Wed, 08 Oct 2014 17:10:13 -0400
From: Greg Hudson <ghudson@mit.edu>
MIME-Version: 1.0
To: "Xie, Hugh" <hugh.xie@bankofamerica.com>,
"Kerberos@mit.edu" <Kerberos@mit.edu>
In-Reply-To: <7E270C3427928E499F189C5636C52CDC45B9EDAB@smtp_mail.bankofamerica.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
On 10/08/2014 03:41 PM, Xie, Hugh wrote:
> After switching version 1.12.2, as a follow up question to the next step of S4U2Proxy.
>
> I passed the delegated_cred_handle from *gss_accept_sec_context()* to *gss_init_sec_context*. I got a "No context has been established" error since the context_handle is reinitialized to GSS_C_NO_CONTEXT. This is not a problem when I am not using delegated_cred_handle. When I attempt to pass the same context handle from gss_accept_sec_context(), I got a segmentation error.
>
> Can you tell me what context_handle to use?
Just as when you initially call gss_accept_sec_context, you need to pass
the address of a gss_ctx_id_t variable which was initialized to
GSS_C_NO_CONTEXT. If you pass NULL, you will get the error you mentioned.
Reusing the acceptor context is incorrect usage; there ought to be a
safety check so that it results in an error instead of a seg fault, but
there might not be. I will file a ticket if I can reproduce the issue.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
