GSSAPI client on Windows

GSSAPI client on Windows

SFBZH
I have two computers:
pc36 is a Linux Red Hat 6.2 station supporting the kdc and the service.
pc35 is a Windows 98 station supporting the client.
I try to code the client with MIT krb5 gssapi. The error occurs with gss_init_sec_context.

My problem occurs before the service becomes useful, so I won't talk about it.

The KDC (MIT kerberos KDC) contains these entries:
The entries are as follows:
kadmin/[hidden email]
kadmin/[hidden email]
kadmin/[hidden email]
kadmin/[hidden email]
krbtgt/[hidden email]
server/[hidden email]
[hidden email]

On the W98 "pc35", I get the TGT & the ticket service with kinit:
kinit -5 user
kinit -5 -S server/[hidden email]

I check the cache with klist. Both tickets are here:

> Ticket cache: API:krb5cc
> Default principal: [hidden email]
>
> Valid starting     Expires            Service principal
> 07/05/05 09:59:42  07/05/05 20:00:00  server/[hidden email]
>
> Kerberos 4 ticket cache: API:krb4cc
> KLIST.EXE: No ticket file (tf_util)

Now, I'll create a client with the MIT krb5 gssapi which will acquire cred & init_sec_context:
First, I init the client and the service names.
I create two gss_buffer_t. I fill one with "[hidden email]" and the other with "server/[hidden email]". I edit the length field and I put those two names in gss_name_t structures with gss_import_name. The client gss_name_t is "local_name" and the service gss_name_t is "server_name".
I set the gss_cred_id_t "cred_handle":

majs = gss_acquire_cred(&mins, local_name, GSS_C_INDEFINITE,
  GSS_C_NO_OID_SET, GSS_C_INITIATE, &cred_handle, NULL, NULL);

majs is 0. The cred_handle seems to be OK.

Now, I set the gss_ctx_id_t "context_handle" and the gss_buffer_t "tocken":

majs = gss_init_sec_context(&mins, cred_handle,
  &context_handle, server_name, GSS_C_NULL_OID,
  GSS_C_MUTUAL_FLAG | GSS_C_DELEG_FLAG, GSS_C_INDEFINITE,
  NULL, GSS_C_NO_BUFFER, &oid, tocken, NULL, NULL);

The error is "An invalid name was supplied". (gss_display_status with majs)
mins = -2045022973
majs = 50462720
The server_name is "server/[hidden email]" and the ticket in the local cache is also "server/[hidden email]".

What am I doing wrong?
If you need any other detail (krb5.ini for example), feel free to ask.

Best regards

M
_______________________________________________
krbdev mailing list             [hidden email]
https://mailman.mit.edu/mailman/listinfo/krbdev
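
Decoding the majs value reported in the post above, as an added example that is not part of the original messages or of MIT krb5: a GSS-API major status packs a calling error, a routine error and supplementary bits into one 32-bit word (layout and names per RFC 2744). The helper names decode_major and append are hypothetical; no GSS-API headers are needed.

```c
#include <stdio.h>
#include <string.h>

/* RFC 2744: bits 24-31 calling error, 16-23 routine error, 0-15 supplementary. */
static const char *const calling_names[] = {
    NULL, "GSS_S_CALL_INACCESSIBLE_READ", "GSS_S_CALL_INACCESSIBLE_WRITE",
    "GSS_S_CALL_BAD_STRUCTURE"
};
static const char *const routine_names[] = {
    NULL, "GSS_S_BAD_MECH", "GSS_S_BAD_NAME", "GSS_S_BAD_NAMETYPE",
    "GSS_S_BAD_BINDINGS", "GSS_S_BAD_STATUS", "GSS_S_BAD_SIG", "GSS_S_NO_CRED",
    "GSS_S_NO_CONTEXT", "GSS_S_DEFECTIVE_TOKEN", "GSS_S_DEFECTIVE_CREDENTIAL",
    "GSS_S_CREDENTIALS_EXPIRED", "GSS_S_CONTEXT_EXPIRED", "GSS_S_FAILURE",
    "GSS_S_BAD_QOP", "GSS_S_UNAUTHORIZED", "GSS_S_UNAVAILABLE",
    "GSS_S_DUPLICATE_ELEMENT", "GSS_S_NAME_NOT_MN"
};
static const char *const supp_names[] = {
    "GSS_S_CONTINUE_NEEDED", "GSS_S_DUPLICATE_TOKEN", "GSS_S_OLD_TOKEN",
    "GSS_S_UNSEQ_TOKEN", "GSS_S_GAP_TOKEN"
};
#define COUNT(a) (sizeof(a) / sizeof((a)[0]))

/* Append one symbolic name to out, separated by " | ". */
static void append(char *out, size_t n, const char *name)
{
    size_t used = strlen(out);
    snprintf(out + used, n - used, "%s%s", used ? " | " : "", name);
}

/* Render a major status as the OR of its symbolic parts; n must be > 0. */
static const char *decode_major(unsigned long maj, char *out, size_t n)
{
    unsigned c = (unsigned)((maj >> 24) & 0xFFu);   /* calling error field */
    unsigned r = (unsigned)((maj >> 16) & 0xFFu);   /* routine error field */
    unsigned s = (unsigned)(maj & 0xFFFFu);         /* supplementary bits  */
    out[0] = '\0';
    if (c) append(out, n, c < COUNT(calling_names) ? calling_names[c] : "unknown calling error");
    if (r) append(out, n, r < COUNT(routine_names) ? routine_names[r] : "unknown routine error");
    for (unsigned b = 0; b < COUNT(supp_names); b++)
        if (s & (1u << b)) append(out, n, supp_names[b]);
    if (!out[0]) append(out, n, "GSS_S_COMPLETE");
    return out;
}

int main(void)
{
    char buf[128];
    /* 50462720 is the majs value quoted in the post. */
    printf("majs 50462720 = %s\n", decode_major(50462720UL, buf, sizeof buf));
    return 0;
}
```

The minor status (mins) is mechanism-specific and is not decoded here; gss_display_status with GSS_C_MECH_CODE is the call that renders it.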
Re: GSSAPI client on Windows

Jeffrey Altman
[hidden email] wrote:

> I have two computers:
> pc36 is a Linux Red Hat 6.2 station supporting the kdc and the service.
> pc35 is a Windows 98 station supporting the client.

> The server_name is "server/[hidden email]" and the ticket in the local cache is also "server/[hidden email]".
>
> What am I doing wrong?
> If you need any other detail (krb5.ini for example), feel free to ask.

It is very important with MIT Kerberos that you use fully qualified
domain names for your hosts.   aka

    server/[hidden email]

The libraries will perform a lookup on the name in DNS in order to
ensure that the specified name is canonical.  (in order to support
multi-homed machines)

Jeffrey Altman


