Requesting a TGT using a servicename

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

Requesting a TGT using a servicename

sushantm
Whilst using the Heimdal GSS API, I have run into a problem when calling gss_accept_sec_context.
I do not fully understand how the digest API works, but in this case an AS-REQ is sent to the DC with the principal as cifs/smvm1.kerb1.dom and the response states the error:

KRB Error: KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN

I added the service principal name under the user [hidden email] but still encountered the error. So my questions are:

1. Can a service principal name request for a TGT? If not then what method should I use to query the DC(KDC) from another account ( most likely an user account) from the same domain?

2. I tried doing a kinit -S cifs/smvm1.kerb1.dom [hidden email] and did get the ticket in the credential cache file with the principal being cifs/[hidden email] but still didn't work and heimdal still tries to get the TGT during use.

--
Sushant Mathur