[5436] in Kerberos
A server acting as a principal
daemon@ATHENA.MIT.EDU (Dan Nessett)
Thu Jun 29 16:19:48 1995
Date: Thu, 29 Jun 1995 12:56:56 -0700 (PDT)
From: Danny.Nessett@Eng.Sun.COM (Dan Nessett)
To: kerberos@MIT.EDU
I am confused about how a server can act as a principal. Specifically, I have
written some test code that basically tries to establish a security context
to/from the same entity. The program calls init_sec_context() under the identity
of root acting as a principal and specifies root (more accurately, root/elrond)
as the target. I found I had to install root/elrond both as a principal and
in the srvtab to get past the init call. It then turns around and calls
accept_sec_context(). The test program is running as root, so it has
access to both the srvtab and the principal's credentials, which I obtain
by a kinit before running the test. My reasoning is that when the process does
an init, the Kerberos V5 code uses root's credentials in the credentials cache
to contact the TGS and a ticket for root using the srvtab keys is generated.
When the accept is performed, the Kerberos V5 library uses the entry in
srvtab to check the ticket, which should work.
I am having problems with this, getting an integrity failure
(KRB5KRB_AP_ERR_BAD_INTEGRITY), and want to make sure there isn't some gotcha that I am missing.
Dan
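
A simplified model of the init/accept exchange described in the message above, added here as an illustration; it is not code from the post or from MIT Kerberos. The toy cipher, the function names and the keys are assumptions; the model shows the ticket verifying only when the srvtab key equals the key the KDC holds for root/elrond.

```python
import hashlib, hmac, json, os

class IntegrityError(Exception):
    """Stands in for KRB5KRB_AP_ERR_BAD_INTEGRITY in this model."""

def _subkey(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _stream(key, nonce, n):
    # HMAC-SHA256 in counter mode as a toy keystream (not a Kerberos enctype).
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, fields):
    """Encrypt-then-MAC a ticket body under a long-term key."""
    pt = json.dumps(fields).encode()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _stream(_subkey(key, b"enc"), nonce, len(pt))))
    return nonce + ct + hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise IntegrityError("ticket does not verify under the srvtab key")
    pt = bytes(a ^ b for a, b in zip(ct, _stream(_subkey(key, b"enc"), nonce, len(ct))))
    return json.loads(pt)

def tgs_issue(kdc_db, client, service):
    """TGS side: the ticket is sealed under the key the KDC holds for the service."""
    body = {"client": client, "service": service, "session_key": os.urandom(16).hex()}
    return seal(kdc_db[service], body)

def accept(srvtab, service, ticket):
    """Acceptor side: only the srvtab entry is available to open the ticket."""
    return unseal(srvtab[service], ticket)["client"]

def loopback(kdc_key, srvtab_key, client="root", service="root/elrond"):
    ticket = tgs_issue({service: kdc_key}, client, service)
    try:
        return accept({service: srvtab_key}, service, ticket)
    except IntegrityError:
        return "BAD_INTEGRITY"

# Constructed keys: two different versions of the service's long-term key.
KEY_V1 = hashlib.sha256(b"constructed service key, version 1").digest()
KEY_V2 = hashlib.sha256(b"constructed service key, version 2").digest()

if __name__ == "__main__":
    print(loopback(KEY_V1, KEY_V1))  # srvtab matches the KDC database
    print(loopback(KEY_V1, KEY_V2))  # srvtab holds a different key
```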