[35880] in Kerberos
Authenticate against keytab file on Windows 7
daemon@ATHENA.MIT.EDU (Evan McPeters)
Tue Mar 18 22:56:03 2014
From: "Evan McPeters" <emcpeters@anacapasciences.com>
To: <kerberos@mit.edu>
Date: Tue, 18 Mar 2014 13:59:52 -0700
Message-ID: <01d601cf42ed$03c3f510$0b4bdf30$@com>
MIME-Version: 1.0
Content-Language: en-us
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Hi, I am trying to use gss_accept_sec_context to authenticate a Kerberos
ticket against a keytab file (created using ktutil) on Windows 7. Both the
keytab file and ticket are being provided to me by another development team
(they created the keytab .
I base64 decode the ticket and pass it to gss_accept_sec_context but cannot
get any status code back beside GSS_S_FAILURE (with a minor status code of
0).
I have set my default keytab path like so:
_putenv("KRB5_KTNAME=C:\test.keytab");
At this point I'm stumped. I assume that there is no restriction to doing
this on Windows 7 that I should know about?
My current implementation is below (I have tried many different variations).
Thanks so much for any help you can provide!
Evan
_putenv("KRB5_KTNAME=C:\test.keytab");
char * token =
"AQBuggSFoQMCAQACjggkMIIEoKADAgEPNYYIDyTCCA8WgAwIB6iBwMFACAAABaEKGwhT";
int token_len = strlen(token);
input_token = (gss_buffer_t)
malloc(sizeof(gss_buffer_desc));
input_token->length = token_len;
input_token->value = token;
gss_name_t client = NULL;
gss_OID doid = (gss_OID)gss_mech_krb5;
OM_uint32 ret_flags = 0
OM_uint32 time_rec = 0;
gss_cred_id_t delegated_cred_handle;
OM_uint32 maj_stat;
OM_uint32 min_stat;
gss_ctx_id_t context = GSS_C_NO_CONTEXT;
gss_cred_id_t server_creds = GSS_C_NO_CREDENTIAL;
gss_buffer_desc output_token;
maj_stat = gss_accept_sec_context(&min_stat,
&context,
server_creds,
input_token,
GSS_C_NO_CHANNEL_BINDINGS,
&client,
&doid,
&output_token,
&ret_flags,
&time_rec,
&delegated_cred_handle);
NOTE: If I pass a string of random characters as the input token I can
manage to get a status of GSS_S_DEFECTIVE_TOKEN.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
