Re : Re: GSSAPI client on Windows

Re : Re: GSSAPI client on Windows

SFBZH
Thank you Jeffrey but my program still fails the same way.

I have replaced my "server/[hidden email]" with a "server/[hidden email]" in the KDC.
I have imported the ticket in the pc35 local cache and I have modified my client program to ask for server/[hidden email] credentials:

>/* create server name */
>name_string = (char *)malloc(32 * sizeof(char));
>strcpy(name_string, "server/[hidden email]");
>
>name_buffer=(gss_buffer_t)malloc(sizeof(gss_buffer_t));
>name_buffer->value = name_string;
>name_buffer->length = strlen(name_buffer->value) + 1;
>
>majs = gss_import_name(&mins, name_buffer,
>  GSS_C_NT_HOSTBASED_SERVICE, &server_name);
>gss_release_buffer(&mins, name_buffer);
>
>/* get service credentials */
>tocken=(gss_buffer_t)malloc(sizeof(gss_buffer_t));
>majs = gss_init_sec_context(&mins, cred_handle,
>  &context_handle, server_name, GSS_C_NULL_OID,
>  GSS_C_MUTUAL_FLAG | GSS_C_DELEG_FLAG, GSS_C_INDEFINITE,
>  NULL, GSS_C_NO_BUFFER, &oid, tocken, NULL, NULL);

The test is exactly the same as the one described in my previous mail. The only difference is the service name. The result is exactly the same: "An invalid name was supplied" with the same values in mins and majs.

I must be making another mistake.

My host file contains:
> aaa.bbb.ccc.36  pc36.domain.com  pc36

and my krb5.ini:
>[libdefaults]
>   default_domain = domain.com
>   default_realm = DOMAIN.COM
>
>[realms]
>   DOMAIN.COM = {
>       admin_server = pc36:750
>       kdc = pc36:88
>   }

Best regards

M
_______________________________________________
krbdev mailing list             [hidden email]
https://mailman.mit.edu/mailman/listinfo/krbdev
Re: Re : Re: GSSAPI client on Windows

Kevin Coffman
> Thank you Jeffrey but my program still fails the same way.
>
> I have replaced my "server/[hidden email]" with a "server/pc36.domain.com@DOMAIN.COM" in the KDC.
> I have imported the ticket in the pc35 local cache and I have modified my client program to ask for server/[hidden email] credentials:
>
> >/* create server name */
> >name_string = (char *)malloc(32 * sizeof(char));
> >strcpy(name_string, "server/[hidden email]");

32 chars doesn't appear long enough for the string with fully-qualified
name ...

Re: Re : Re: GSSAPI client on Windows

Douglas E. Engert
In reply to this post by SFBZH


[hidden email] wrote:

> Thank you Jeffrey but my program still fails the same way.
>
> I have replaced my "server/[hidden email]" with a "server/[hidden email]" in the KDC.
> I have imported the ticket in the pc35 local cache and I have modified my client program to ask for server/[hidden email] credentials:
>
>
>>/* create server name */
>>name_string = (char *)malloc(32 * sizeof(char));
>>strcpy(name_string, "server/[hidden email]");
>>
>>name_buffer=(gss_buffer_t)malloc(sizeof(gss_buffer_t));
>>name_buffer->value = name_string;
>>name_buffer->length = strlen(name_buffer->value) + 1;
>>
>>majs = gss_import_name(&mins, name_buffer,
>> GSS_C_NT_HOSTBASED_SERVICE, &server_name);

gss_import_name takes a <service>@<host>, which is not a principal,
so you should be passing "[hidden email]".  The Kerberos
gssapi will map this to a principal and figure out the realm.


>>gss_release_buffer(&mins, name_buffer);
>>
>>/* get service credentials */
>>tocken=(gss_buffer_t)malloc(sizeof(gss_buffer_t));
>>majs = gss_init_sec_context(&mins, cred_handle,
>> &context_handle, server_name, GSS_C_NULL_OID,
>> GSS_C_MUTUAL_FLAG | GSS_C_DELEG_FLAG, GSS_C_INDEFINITE,
>> NULL, GSS_C_NO_BUFFER, &oid, tocken, NULL, NULL);
>
>
> The test is exactly the same as the one described in my previous mail. The only difference is the service name. The result is exactly the same: "An invalid name was supplied" with the same values in mins and majs.
>
> I must be making another mistake.
>
> My host file contains:
>
>>aaa.bbb.ccc.36  pc36.domain.com  pc36
>
>
> and my krb5.ini:
>
>>[libdefaults]
>>  default_domain = domain.com
>>  default_realm = DOMAIN.COM
>>
>>[realms]
>>  DOMAIN.COM = {
>>      admin_server = pc36:750
>>      kdc = pc36:88
>>  }
>
>
> Best regards
>
> M
> _______________________________________________
> krbdev mailing list             [hidden email]
> https://mailman.mit.edu/mailman/listinfo/krbdev
>
>
>

--

  Douglas E. Engert  <[hidden email]>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444
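
An added example, not code from any poster in this thread or from MIT Kerberos, combining the two replies above: it derives the `<service>@<host>` form from the principal quoted in the thread and refuses to write past the destination buffer. The helper `hostbased_from_principal` and the 64-byte buffer are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not a GSSAPI call): turn a two-component Kerberos
 * principal "service/host@REALM" into the "service@host" form used with
 * GSS_C_NT_HOSTBASED_SERVICE. Returns the output length, or -1 if the
 * input is malformed or does not fit in out[outlen]. Backslash-escaped
 * separators are not handled. */
int hostbased_from_principal(const char *princ, char *out, size_t outlen)
{
    const char *slash = strchr(princ, '/');
    if (slash == NULL || slash == princ)
        return -1;                          /* no service component */

    const char *host = slash + 1;
    size_t host_len = strcspn(host, "@");   /* stop at the realm, if any */
    if (host_len == 0 || memchr(host, '/', host_len) != NULL)
        return -1;                          /* empty host or extra component */

    size_t svc_len = (size_t)(slash - princ);
    if (memchr(princ, '@', svc_len) != NULL)
        return -1;                          /* '@' before '/': not service/host */

    size_t need = svc_len + 1 + host_len;   /* "service" + '@' + "host" */
    if (need + 1 > outlen)
        return -1;                          /* refuse instead of overflowing */

    memcpy(out, princ, svc_len);
    out[svc_len] = '@';
    memcpy(out + svc_len + 1, host, host_len);
    out[need] = '\0';
    return (int)need;
}

int main(void)
{
    /* Principal as quoted in the thread: 33 characters, 34 bytes with the
     * terminating NUL, so it does not fit a 32-byte allocation. */
    const char *princ = "server/pc36.domain.com@DOMAIN.COM";
    char name[64];

    int n = hostbased_from_principal(princ, name, sizeof name);
    if (n < 0) {
        fprintf(stderr, "cannot convert %s\n", princ);
        return 1;
    }
    /* name and n are the value and length a caller would place in the
     * gss_buffer_desc passed to gss_import_name. */
    printf("%s (%d bytes)\n", name, n);
    return 0;
}
```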