[24608] in Kerberos

home help back first fref pref prev next nref lref last post

kadm5_decrypt_key returns EINVAL

daemon@ATHENA.MIT.EDU (SFBZH@aol.com)
Thu Sep 8 10:50:54 2005

Date: Thu, 08 Sep 2005 10:49:50 -0400
From: SFBZH@aol.com
To: kerberos@mit.edu
MIME-Version: 1.0
Message-ID: <216F6B29.1C4AE05F.0000F54D@aol.com>
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Errors-To: kerberos-bounces@mit.edu

I want to get a service's key in a c program. I use the MIT kadm5 api on a linux station (Red hat 6.2) and a MIT kerberos server on the same station.

I have recorded a service in the KDC with a random key. I have recorded a client called admin/admin@DOMAIN.
*/admin have the rights * on the principals * in the KDC's ACL file.

I connect to the admin server as this admin/admin user with kadm5_init_with_password. I krb5_parse_name the service name and get the service principal with kadm5_get_principal, with the options KADM5_KEY_DATA | KADM5_PRINCIPAL.
All these functions return 0 (succes). I'm on the same station as the KDC so I should have the rights to use the KADM5_KEY_DATA function.

When I launch kadm5_decrypt_key with no filter, it returns EINVAL. The key_data array of the kadm5_principal_ent_t returned by kadm5_get_principal is empty. (no key for my service)

I'm sure that the service has a key on the KDC because I have managed to authentify a client on it (so the server has crypted a ticket with his key). And the kadmind log file indicate that the "get_principal" request was a succes.

What have I done wrong?
Best regards

M
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos

home help back first fref pref prev next nref lref last post