GSSAPI client on Windows


I have an MIT KDC on a UNIX station called pc36.
The entries are as follows:
kadmin/[hidden email]
kadmin/[hidden email]
kadmin/[hidden email]
kadmin/[hidden email]
krbtgt/[hidden email]
server/[hidden email]
[hidden email]

I want to create a client on a Windows 98 station (pc35) which will authenticate as user and which will contact a service server/pc36 on pc36.

First, I create a cache on the Windows 98 station:
kinit user
kinit -S server/[hidden email]

I check that the TGT and the service ticket are in the cache with klist. I have 2 krb5 tickets. It's OK.

Now, I have to import them in the client.
(From now on, we are in a C program using GSSAPI. I will only speak about the client: it fails in a situation where the server is not useful.)

I put "[hidden email]" in a gss_buffer_t. I set the length. I gss_import_name this in a gss_name_t (local_name) and I release the buffer.

I do the same thing with the server name "server/[hidden email]" in server_name.

I acquire the credential with the user name and default values:
majs = gss_acquire_cred(&mins, local_name,
  &cred_handle, NULL, NULL);
No problem.

I try to acquire the security_context and it fails.
majs = gss_init_sec_context(&mins, cred_handle,
  &context_handle, server_name, GSS_C_NULL_OID,
  NULL, GSS_C_NO_BUFFER, &oid, tocken, NULL, NULL);
The error is "An invalid name was supplied". I suppose it refers to the service name (server/[hidden email]).

I have made another test with a different name for the server:
The KDC is exactly the same. I get the TGT and the service ticket in the cache. I just modify the service name in the client code. I put "server/pc36" instead of "server/[hidden email]". It fails again but the error generated by gss_init_sec_context is different and I don't understand it.
The majs (major status) is 524288
gss_display_status says: "No context has been established"
The minor status is -2045022973

What should I do to make it work?
My krb5.ini seems to be OK but I can send it to you if you want...

krbdev mailing list             [hidden email]
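The two status values quoted in the post can be taken apart offline. The following is an added example, not code from the original post or from MIT Kerberos: it splits a major status into its RFC 2744 fields and splits a minor status using the com_err table-name packing. The helper names are hypothetical, and it assumes the minor status is a com_err code, as MIT Kerberos produces.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* RFC 2744 major status layout: calling error in bits 24-31,
   routine error in bits 16-23, supplementary info in bits 0-15. */
static unsigned calling_error(uint32_t maj) { return (maj >> 24) & 0xffu; }
static unsigned routine_error(uint32_t maj) { return (maj >> 16) & 0xffu; }
static unsigned supplementary(uint32_t maj) { return maj & 0xffffu; }

/* Routine error names in RFC 2744 order (index = routine_error value). */
static const char *routine_name(unsigned e) {
    static const char *names[] = {
        "(none)", "GSS_S_BAD_MECH", "GSS_S_BAD_NAME", "GSS_S_BAD_NAMETYPE",
        "GSS_S_BAD_BINDINGS", "GSS_S_BAD_STATUS", "GSS_S_BAD_SIG",
        "GSS_S_NO_CRED", "GSS_S_NO_CONTEXT", "GSS_S_DEFECTIVE_TOKEN",
        "GSS_S_DEFECTIVE_CREDENTIAL", "GSS_S_CREDENTIALS_EXPIRED",
        "GSS_S_CONTEXT_EXPIRED", "GSS_S_FAILURE", "GSS_S_BAD_QOP",
        "GSS_S_UNAUTHORIZED", "GSS_S_UNAVAILABLE",
        "GSS_S_DUPLICATE_ELEMENT", "GSS_S_NAME_NOT_MN" };
    return e < sizeof names / sizeof names[0] ? names[e] : "(unknown)";
}

/* com_err code = table base + index; the index is the low 8 bits. */
static int minor_index(int32_t min) { return (int)((uint32_t)min & 0xffu); }

/* The upper 24 bits pack the table name, 6 bits per character. */
static const char *minor_table(int32_t min, char out[6]) {
    static const char cs[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_";
    uint32_t n = ((uint32_t)min >> 8) & 0xffffffu;
    char *p = out;
    for (int i = 3; i >= 0; i--) {
        unsigned ch = (n >> (6 * i)) & 63u;
        if (ch) *p++ = cs[ch - 1];   /* 0 means "no character here" */
    }
    *p = '\0';
    return out;
}

int main(void) {
    uint32_t maj = 524288u;        /* major status from the post */
    int32_t  min = -2045022973;    /* minor status from the post */
    char tbl[6];
    printf("major: calling=%u routine=%u (%s) supplementary=0x%04x\n",
           calling_error(maj), routine_error(maj),
           routine_name(routine_error(maj)), supplementary(maj));
    printf("minor: table=%s index=%d\n", minor_table(min, tbl), minor_index(min));
    return 0;
}
```

For the values in the post this gives routine error 8 (GSS_S_NO_CONTEXT) with no calling error or supplementary bits, and a minor status that is entry 3 of the com_err table named `ggss`.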