[38384] in Kerberos


Re: Query, Need help for building principal and retrieving service

daemon@ATHENA.MIT.EDU (Santosh Kumar)
Tue Nov 27 05:24:59 2018

MIME-Version: 1.0
In-Reply-To: <9816f700-18a5-6140-233c-0e6a418b7e4d@mit.edu>
From: Santosh Kumar <santoshjeergi@gmail.com>
Date: Tue, 27 Nov 2018 15:54:17 +0530
Message-ID: <CAFnsFFdGHTAKAwtibURyJq4f5vjNToN4C7N+Nma2YmzEWBmQuA@mail.gmail.com>
To: ghudson@mit.edu
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu

 Greg,

  Thank you, the crash is fixed by the additional build_principal for the client
principal.

   Now, while retrieving from the cache: "Matching credential not found"


char *serverRealm = "PCSQALAB.NET";
char *HTTPSVC = "HTTP";
char *server = "Parent-2K16.pcsqalab.net";

krb5_creds inCred, outCred;
memset(&inCred, 0, sizeof(inCred));
memset(&outCred, 0, sizeof(outCred));

/* Server principal for the matching cred. */
m_error = krb5_build_principal_ext(m_context, &inCred.server,
                                   strlen(serverRealm), serverRealm,
                                   strlen(HTTPSVC), HTTPSVC,
                                   strlen(server), server,
                                   0);

/* Client principal for the matching cred (the additional call). */
m_error = krb5_build_principal_ext(m_context, &inCred.client,
                                   strlen(serverRealm), serverRealm,
                                   strlen(serverRealm), serverRealm,
                                   0);

flags = 0;
m_error = krb5_cc_retrieve_cred(m_context, m_cache, flags,
                                &inCred, &outCred);  /* need 3rd service ticket from the below cache */

Below is the cache contents:

Ticket cache: FILE:/tmp/krb5cc_36073
Default principal: host/PXE-DEV.PCSQALAB.NET@PCSQALAB.NET

Valid starting     Expires            Service principal
11/26/18 15:49:44  11/27/18 01:49:44  krbtgt/PCSQALAB.NET@PCSQALAB.NET    -----(1)
        renew until 12/03/18 15:49:44
11/26/18 15:50:15  11/27/18 01:49:44  host/PXE-DEV.PCSQALAB.NET@PCSQALAB.NET    ------(2)
        for client leema\@PCSQALAB.NET@PCSQALAB.NET, renew until 12/03/18 15:49:44
11/26/18 15:50:15  11/27/18 01:49:44  http/Parent-2K16.PCSQALAB.NET@PCSQALAB.NET    ------(3)
        for client leema\@PCSQALAB.NET@PCSQALAB.NET, renew until 12/03/18 15:49:44


Am I building the wrong client or server principal? Could you/anyone please
suggest?





On Mon, Nov 26, 2018 at 10:47 PM Greg Hudson <ghudson@mit.edu> wrote:

> On 11/26/2018 06:30 AM, Santosh Kumar wrote:
> >   I'm getting a crash:
> >
> > (gdb) bt
> > #0  0xf7673f60 in krb5_principal_compare_flags (context=0xa449930, princ1=0x0, princ2=0xa444ab0, flags=0) at princ_comp.c:108
> > #1  0xf7674183 in krb5_principal_compare (context=0xa449930, princ1=0x0, princ2=0xa444ab0) at princ_comp.c:169
> > #2  0xf764f1ec in standard_fields_match (context=0xa449930, whichfields=0, mcreds=0xfff48dc8, creds=0xfff48ba0) at cc_retr.c:67
>
> You need to set a client principal in the matching cred.  Heimdal allows
> searching for just the server principal, but MIT's library does not.
>
> >   Should I use  code = krb5int_construct_matching_creds(context, options,
> > in_creds,  &mcreds, &fields); before calling retrieve from cache?
>
> That's an internal function (as indicated by the "int" in the prefix),
> so you can't use it in an application.
>
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
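
A simplified model of the client/server comparison seen in the backtrace above (standard_fields_match calling krb5_principal_compare with flags=0), as an added example that is not part of the original thread and is not libkrb5 code. The struct and function names are hypothetical; it assumes exact, case-sensitive comparison of realm and name components, and is fed the principals from the message and the klist output.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical, simplified principal: realm plus up to 4 name components. */
struct princ {
    const char *realm;
    int ncomp;
    const char *comp[4];
};

/* Exact (case-sensitive) comparison of realm, component count and components.
 * In this model an unset principal simply never matches. */
static int princ_equal(const struct princ *a, const struct princ *b)
{
    if (a == NULL || b == NULL)
        return 0;
    if (strcmp(a->realm, b->realm) != 0 || a->ncomp != b->ncomp)
        return 0;
    for (int i = 0; i < a->ncomp; i++)
        if (strcmp(a->comp[i], b->comp[i]) != 0)
            return 0;
    return 1;
}

struct cred { const struct princ *client, *server; };

/* A cache entry matches only if both client and server compare equal. */
static int creds_match(const struct cred *want, const struct cred *have)
{
    return princ_equal(want->client, have->client) &&
           princ_equal(want->server, have->server);
}

/* Cache entry (3) from the klist output; klist prints '@' inside a
 * component as '\@', so the client has one component, "leema@PCSQALAB.NET". */
static const struct princ c3 = { "PCSQALAB.NET", 1, { "leema@PCSQALAB.NET" } };
static const struct princ s3 = { "PCSQALAB.NET", 2, { "http", "Parent-2K16.PCSQALAB.NET" } };
static const struct cred entry3 = { &c3, &s3 };

/* Principals as built by the two krb5_build_principal_ext calls in the message. */
static const struct princ c_req = { "PCSQALAB.NET", 1, { "PCSQALAB.NET" } };
static const struct princ s_req = { "PCSQALAB.NET", 2, { "HTTP", "Parent-2K16.pcsqalab.net" } };

int main(void)
{
    struct cred as_posted = { &c_req, &s_req };
    struct cred as_listed = { &c3, &s3 };
    printf("as posted: %d\n", creds_match(&as_posted, &entry3));
    printf("as listed: %d\n", creds_match(&as_listed, &entry3));
    return 0;
}
```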
