[37231] in Kerberos
Can't acquire stored impersonated creds from cache
daemon@ATHENA.MIT.EDU (Martin Gee)
Sun Sep 20 07:46:54 2015
Date: Sun, 20 Sep 2015 11:46:33 +0000 (UTC)
From: Martin Gee <geemang_2000@yahoo.com>
To: "kerberos@mit.edu" <kerberos@mit.edu>
Message-ID: <323280011.398975.1442749593403.JavaMail.yahoo@mail.yahoo.com>
MIME-Version: 1.0
Reply-To: Martin Gee <geemang_2000@yahoo.com>
Content-Type: text/plain; charset="utf-8"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit
Version: 1.14I'm attempting to cache some impersonated credentials by using gss_store_cred with the output cred from gss_acquire_cred_impersonate_name.I see the credential via klist after my program runs.
See the user1 cred. gss_store_cred also seems to store the krbtgt again too.Ticket cache: FILE:/tmp/krb5cc_500
Default principal: host/centos.ics.local@ICS.LOCAL
Valid starting Expires Service principal
09/19/2015 14:46:39 09/20/2015 00:46:39 krbtgt/ICS.LOCAL@ICS.LOCAL
renew until 09/26/2015 14:46:39
09/19/2015 14:46:39 09/20/2015 00:46:39 HTTP/poc.ics.local@ICS.LOCAL
renew until 09/26/2015 14:46:39
09/19/2015 14:46:39 09/20/2015 00:46:39 host/centos.ics.local@ICS.LOCAL
for client user1@ICS.LOCAL, renew until 09/26/2015 14:46:39
09/19/2015 14:46:39 09/20/2015 00:46:39 krbtgt/ICS.LOCAL@ICS.LOCAL
renew until 09/26/2015 14:46:39
When my program runs again I assume gss_acquire_cred_impersonate_name will retrieve the cached cred as the trace seems to show.env KRB5_TRACE=/dev/stdout ./GSSAPIMemory
[11305] 1442692131.574904: Retrieving host/centos.ics.local@ICS.LOCAL from FILE:/etc/krb5.keytab (vno 0, enctype 0) with result: 0/Success
gss_acquire_cred: { 1 2 840 113554 1 2 2 }
[11305] 1442692131.575507: Getting credentials user1@ICS.LOCAL -> host/centos.ics.local@ICS.LOCAL using ccache FILE:/tmp/krb5cc_500
[11305] 1442692131.575587: Retrieving user1@ICS.LOCAL -> host/centos.ics.local@ICS.LOCAL from FILE:/tmp/krb5cc_500 with result: 0/Success
cleanup
Major gss_acquire_cred_impersonate_name:851968 - Unspecified GSS failure. Minor code may provide more information
Minor gss_acquire_cred_impersonate_name:-2045022969 - Credential usage type is unknown
But the call seems to error out as shown. I am using GSS_C_INITIATE as the usage type.Am I missing something?
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos