home | help | back | first | fref | pref | prev | next | nref | lref | last | post |
Date: Wed, 08 Oct 2014 21:23:14 +0000 From: "Xie, Hugh" <hugh.xie@bankofamerica.com> In-reply-to: <5435A835.5090105@mit.edu> To: Greg Hudson <ghudson@mit.edu>, "Kerberos@mit.edu" <Kerberos@mit.edu> Message-id: <7E270C3427928E499F189C5636C52CDC45B9F52B@smtp_mail.bankofamerica.com> MIME-version: 1.0 Content-language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: kerberos-bounces@mit.edu That was what I did. Both context_handle for *gss_accept_sec_context()* and then * gss_init_sec_context* were initialized to GSS_C_NO_CONTEXT and the address of &context_handle are passed to these functions. I am getting error " No context has been established" and " Attempt to use incomplete security context" for minor when I call gss_init_sec_context with delegated_cred_handle from gss_accept_sec_context. I do not get this error if I do not pass delegated_cred_handle. -----Original Message----- From: Greg Hudson [mailto:ghudson@mit.edu] Sent: Wednesday, October 08, 2014 5:10 PM To: Xie, Hugh; Kerberos@mit.edu Subject: Re: Not getting delegation credential from gss_accept_sec_context() On 10/08/2014 03:41 PM, Xie, Hugh wrote: > After switching version 1.12.2, as a follow up question to the next step of S4U2Proxy. > > I passed the delegated_cred_handle from *gss_accept_sec_context()* to *gss_init_sec_context*. I got a "No context has been established" error since the context_handle is reinitialized to GSS_C_NO_CONTEXT. This is not a problem when I am not using delegated_cred_handle. When I attempt to pass the same context handle from gss_accept_sec_context(), I got a segmentation error. > > Can you tell me what context_handle to use? Just as when you initially call gss_accept_sec_context, you need to pass the address of a gss_ctx_id_t variable which was initialized to GSS_C_NO_CONTEXT. If you pass NULL, you will get the error you mentioned. Reusing the acceptor context is incorrect usage; there ought to be a safety check so that it results in an error instead of a seg fault, but there might not be. I will file a ticket if I can reproduce the issue. ---------------------------------------------------------------------- This message, and any attachments, is for the intended recipient(s) only, may contain information that is privileged, confidential and/or proprietary and subject to important terms and conditions available at http://www.bankofamerica.com/emaildisclaimer. If you are not the intended recipient, please delete this message. ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
home | help | back | first | fref | pref | prev | next | nref | lref | last | post |