Some problem in forming the TGS request pkt with krb5_parse_name()

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Some problem in forming the TGS request pkt with krb5_parse_name()

Surendra Babu
Hi Kerbeors Team,
 
 I am seeing some problem in forming the TGS request
 packet with krb5_parse_name() function while parsing
 the Principal (with only IPADDRESS.....but not with
 hostname& DNS server configured case).
 
 1. To form the TGS request packet, I need to call
 the
 krb5_parse_name() function to form the pricipal
 structure.
 For this I need to pass the KDC server's principal
 name ad second parameter.
 
 Prototype for krb5_parse_name() function is:
 krb5_parse_name(krb5_context context, const char
 *name, krb5_principal *nprincipal)
 
 2. For the above fucntion, I need to pass the second
 parameter as principal name:
 that means: host/<KDC HOSTNAME>@REALM
 example: host/[hidden email]
 
 3. If I pass the above principle name with hostname,
 then only the TGS packet is built correctly.
 Otherwise
 it is not building the TGS packet.
 
 4. If I pass the IP Address in Principal name, (like
 ex: host/[hidden email]), the packet is
 not
 built, failing. If user gives the IP Address instead
 of hostname, how to form the packet? What parameters
 to be passed to krb5_parse_name() for IPA ddress
 case?
 (DNS server is not configured and IP ADDRESS is only
 avaliable, how to form the TGS request packet?)
 
 5. How can we form the principal name with out
 hostname (Only available thing is IPADDRESS and no
 DNS
 Server configured)
 
 Please let me know your thoughts. Thank you.
 
 Regards,
 -Surendra


               
__________________________________________
Yahoo! DSL – Something to write home about.
Just $16.99/mo. or less.
dsl.yahoo.com

________________________________________________
Kerberos mailing list           [hidden email]
https://mailman.mit.edu/mailman/listinfo/kerberos
Reply | Threaded
Open this post in threaded view
|

Re: Some problem in forming the TGS request pkt with krb5_parse_name()

Jeffrey Altman-3
The krb5_parse_name() function is a convenience function
designed to construct a krb5_principal of type KRB5_NT_PRINCIPAL
from an input string.   This function will succeed as long
as the input can be parsed into one or more components plus
an optional realm.

What functions are you using to construct the request to the KDC?

Please keep in mind that Kerberos authenticates two peers
to each other by name.   The requirement is that the service
principal exist in the Kerberos Database.   Do you have service
principals in the KDB of the form "host/15.76.56.23@DOMAIN"?

Jeffrey Altman

________________________________________________
Kerberos mailing list           [hidden email]
https://mailman.mit.edu/mailman/listinfo/kerberos