Whilst using the Heimdal GSS API, I have run into a problem when calling gss_accept_sec_context.
I do not fully understand how the digest API works, but in this case an AS-REQ is sent to the DC with the principal as cifs/smvm1.kerb1.dom and the response states the error:
KRB Error: KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN
I added the service principal name under the user [hidden email] but still encountered the error. So my questions are:
1. Can a service principal name request for a TGT? If not then what method should I use to query the DC(KDC) from another account ( most likely an user account) from the same domain?
2. I tried doing a kinit -S cifs/smvm1.kerb1.dom [hidden email] and did get the ticket in the credential cache file with the principal being cifs/[hidden email] but still didn't work and heimdal still tries to get the TGT during use.