Some problem in forming the TGS request pkt with krb5_parse_name()
Hi Kerbeors Team,
I am seeing some problem in forming the TGS request
packet with krb5_parse_name() function while parsing
the Principal (with only IPADDRESS.....but not with
hostname& DNS server configured case).
1. To form the TGS request packet, I need to call
krb5_parse_name() function to form the pricipal
For this I need to pass the KDC server's principal
name ad second parameter.
Prototype for krb5_parse_name() function is:
krb5_parse_name(krb5_context context, const char
*name, krb5_principal *nprincipal)
2. For the above fucntion, I need to pass the second
parameter as principal name:
that means: host/<KDC HOSTNAME>@REALM
example: host/[hidden email]
3. If I pass the above principle name with hostname,
then only the TGS packet is built correctly.
it is not building the TGS packet.
4. If I pass the IP Address in Principal name, (like
ex: host/[hidden email]), the packet is
built, failing. If user gives the IP Address instead
of hostname, how to form the packet? What parameters
to be passed to krb5_parse_name() for IPA ddress
(DNS server is not configured and IP ADDRESS is only
avaliable, how to form the TGS request packet?)
5. How can we form the principal name with out
hostname (Only available thing is IPADDRESS and no
Please let me know your thoughts. Thank you.
Yahoo! DSL Something to write home about.
Just $16.99/mo. or less.
Re: Some problem in forming the TGS request pkt with krb5_parse_name()
The krb5_parse_name() function is a convenience function
designed to construct a krb5_principal of type KRB5_NT_PRINCIPAL
from an input string. This function will succeed as long
as the input can be parsed into one or more components plus
an optional realm.
What functions are you using to construct the request to the KDC?
Please keep in mind that Kerberos authenticates two peers
to each other by name. The requirement is that the service
principal exist in the Kerberos Database. Do you have service
principals in the KDB of the form "host/22.214.171.124@DOMAIN"?