[7089] in Kerberos
Re: Problems running gss-server example as non-root
daemon@ATHENA.MIT.EDU (Barry Jaspan)
Mon Apr 15 11:28:52 1996
Date: Mon, 15 Apr 96 11:10:30 EDT
From: Barry Jaspan <bjaspan@bbnplanet.com>
To: Ed Hill <edhill@strobe.weeg.uiowa.edu>
Cc: kerberos@MIT.EDU
In-Reply-To: [7076]
I get the following error message when
it calls the gss_accept_sec_context() function.
GSS-API error accepting context: Miscellaneous failure
GSS-API error accepting context: No error
There used to be a bug in gss-server in which it set the minor_status
value to zero before displaying the error messages from
accept_sec_context. The logic was something like this:
major = gss_accept_sec_context(&minor, ...);
(void) gss_release_buffer(&minor, ...);
if (major != GSS_S_COMPLETE)
display_error(major, minor);
The problem, of course, is that calling gss_release_buffer(&minor,
...) resets &minor, thus the display_error function displays "No
error" as the minor status. The bug has been fixed in the current
krb5b5+ sources; are you using an older version?
Is there a way to specific that the gss-server program
should use a different srvtab file then the system wide.
With the krb5 beta 4 API, a global char * variable in libkrb5.a
defined the name of the keytab; a program could declare it extern and
then change its value. I imagine they have made this a context
parameter in the new API, but having never used the new API I don't
know.
Barry
