[38387] in Kerberos
Query,
daemon@ATHENA.MIT.EDU (Santosh Kumar)
Sun Dec 2 23:07:13 2018
From: Santosh Kumar <santoshjeergi@gmail.com>
Date: Mon, 3 Dec 2018 09:36:38 +0530
Message-ID: <CAFnsFFdG-ywedBDeqCMg2sXGt0C-+ubEaByuCUtF3YTHjoFVTQ@mail.gmail.com>
To: kerberos@mit.edu
All,
Request for help: I'm using the gssapi client API to initiate a sec context
using Kerberos tickets in a file cache.
1) Import client principal
   //buffer.sprintf("leema\@PCSQALAB.NET@PCSQALAB.NET");
   //gss_buffer_desc gssBuffer = { buffer.len(), (void*)buffer.str() };
   gss_import_name(&m_minor, &gssBuffer, GSS_C_NT_USER_NAME, &m_gssUser);

2) Import service principal
   //gssBuffer -> HTTP@Parent-2K16.pcsqalab.net
   gss_import_name(&m_minor, &gssBuffer, GSS_C_NT_HOSTBASED_SERVICE, &m_gssSvc);

3) Acquire client credential handle
   m_major = gss_acquire_cred(&m_minor, m_gssUser, GSS_C_INDEFINITE,
                              GSS_C_NO_OID_SET, GSS_C_INITIATE,
                              &m_gssUserCred, &oidSet, &m_timeRec);

4) m_major = gss_acquire_cred(&m_minor, m_gssSvc, GSS_C_INDEFINITE, g_oidSet,
                              GSS_C_INITIATE, &m_gssSvcCred, &oidSet,
                              &m_timeRec);

5) m_major = gss_init_sec_context(&m_minor, m_gssUserCred, &m_gssContext,
                                  m_gssSvc, &g_spnego_mechanism_desc,
                                  flags, 0, GSS_C_NO_CHANNEL_BINDINGS,
                                  &gssInput, NULL, &gssOutput, NULL, NULL);

In step 3) I'm getting GSS_S_CREDENTIALS_EXPIRED; the tickets' lifetime is
valid.
Please note I'm migrating from Heimdal gssapi to MIT gssapi. Do I need to
register plugins/callbacks to look for tickets?
I tried replacing g_spnego_mechanism_desc with GSS_C_NO_OID_SET, but it didn't
work. What should I do?
Below is the Ticket cache: FILE:/tmp/krb5cc_36073
Default principal: host/PXE-DEV.PCSQALAB.NET@PCSQALAB.NET
Service principals:
krbtgt/PCSQALAB.NET@PCSQALAB.NET
host/PXEDDEV.PCSQALAB.NET@PCSQALAB.NET for client leema\@PCSQALAB.NET@PCSQALAB.NET
http/Parent-2K16.PCSQALAB.NET@PCSQALAB.NET for client leema\@PCSQALAB.NET@PCSQALAB.NET
Thanks
Santosh