Hello.
Could you help with the following issue with MIT Kerberos libraries for
Windows.
1. Principal for "service/[EMAIL PROTECTED]" was exported to
keytab file.
2. Keytab file (krb5kt) placed in Windows directory on
"mymachine1.domain.com" and
"mymachine2.domain.com"
3. Application uses "[EMAIL PROTECTED]" to get service
credentials.
3.1
int test_function (char *service_name, gss_cred_id_t *server_creds)
{
gss_buffer_desc name_buf;
gss_name_t server_name;
OM_uint32 maj_stat, min_stat;
name_buf.value = service_name;
name_buf.length = strlen (name_buf.value) + 1;
maj_stat = gss_import_name (&min_stat, &name_buf,
gss_nt_service_name, &server_name);
if (maj_stat != GSS_S_COMPLETE)
{
return -1;
}
maj_stat = gss_acquire_cred (&min_stat, server_name, 0,
GSS_C_NULL_OID_SET, GSS_C_ACCEPT, server_creds, NULL, NULL);
if (maj_stat != GSS_S_COMPLETE)
{
return -2;
}
maj_stat = gss_release_name (&min_stat, &server_name);
return 0;
}
4. test_function ("[EMAIL PROTECTED]", server_creds) returns 0
(OK) on "mymachine1.domain.com"
5. However test_function ("[EMAIL PROTECTED]", server_creds)
returns -2 (ERROR) on "mymachine2.domain.com"
5.1 gss_acquire_cred returns
maj_stat = 0xD0000 (Miscellaneous failure) and
min_stat = 0x25EA101 (No principal in keytab matches desired name)
Please note that keytab file and service name paramter are the same on both
machines.
I tried with MIT for Windows 3.0 and 2.6.5
What could be wrong?
Thanks in advance,
Sergey Klyushin
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
