[39155] in Kerberos
Re: GSS-API error gss_accept_sec_context: Request ticket server HTTP/
daemon@ATHENA.MIT.EDU (Kerberos Enthusiast)
Fri Nov 11 12:22:53 2022
MIME-Version: 1.0
In-Reply-To: <CAGshih-EXCKjUbs0EGjOUL9fn5ZrAnqWP5wvgX=-xVPUTTKr5Q@mail.gmail.com>
From: Kerberos Enthusiast <kerberos.enthusiast@gmail.com>
Date: Fri, 11 Nov 2022 21:03:51 +0530
Message-ID: <CAGshih9QY8hga0WDf+uc-Fgt6m3AUFLsas7LgtVNMQjs3m-K6A@mail.gmail.com>
To: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Hello Kerberos,
It seems, if multiple servers supply separate keytabs, then the
subsequent kerberos auth request targeted for multiple kerberos servers
with separate keytabs and application keep on
updating "default_keytab_name" global variable and it causes some of the
authentication requests to fail and it throws this error
*"GSS-API error gss_accept_sec_context: Request ticket server HTTP/ not
found in keytab" *(major code - 186a5, d0000)
Using this api *krb5_gss_register_acceptor_identity() *to set the default
keytab file for kerberos authentication.
It seems to be a single global keytab file used by the krb5 library.
Can we use any other gss_api to maintain the local context of the keytab
file and send this keytab for every authentication request?
Thanks,
On Fri, 11 Nov 2022 at 19:20, Kerberos Enthusiast <
kerberos.enthusiast@gmail.com> wrote:
> Hello Kerberos,
>
> I am trying to make a windows client authenticate with an authentication
> server(using AD machine for KDC) to access multiple services.
> There is a multiple keytab file per authentication server.
>
> But I'm facing this error below, while this does not occur every time, it
> occurred when sending multiple authentication requests (around 200
> requests) for the same service from different client machines while users
> are already domain users.
>
>
> *GSS-API error gss_accept_sec_context: Request ticket server HTTP/ not
> found in keytab*
> Probability of this issue occurring is around 20% only.
>
> Using GSS-API to acquire cred : gss_acquire_cred().
> For loading keytab file : krb5_gss_register_acceptor_idennntity().
>
> How can we resolve this?
> Can we use any other GSS-API in place of this?
>
> Thanks,
>
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
