Hello.
Could you help with the following issue with MIT Kerberos libraries for
Windows.
1. Principal for "service/[EMAIL PROTECTED]" was exported
to keytab file.
2. Keytab file (krb5kt) placed in Windows directory on
"mymachine1.domain.com" and
"mymachine2.domain.com"
3. Application uses "[EMAIL PROTECTED]" to get service
credentials.
3.1
int test_function (char *service_name, gss_cred_id_t *server_creds)
{
gss_buffer_desc name_buf;
gss_name_t server_name;
OM_uint32 maj_stat, min_stat;
name_buf.value = service_name;
name_buf.length = strlen (name_buf.value) + 1;
maj_stat = gss_import_name (&min_stat, &name_buf,
gss_nt_service_name, &server_name);
if (maj_stat != GSS_S_COMPLETE)
return -1;
maj_stat = gss_acquire_cred (&min_stat, server_name, 0,
GSS_C_NULL_OID_SET, GSS_C_ACCEPT, server_creds, NULL, NULL);
if (maj_stat != GSS_S_COMPLETE)
return -2;
maj_stat = gss_release_name (&min_stat, &server_name);
return 0;
}
4. test_function ("[EMAIL PROTECTED]", server_creds)
returns 0 (OK) on "mymachine1.domain.com"
5. However test_function ("[EMAIL PROTECTED]",
server_creds) returns -2 (ERROR) on "mymachine2.domain.com"
5.1 gss_acquire_cred returns
maj_stat = 0xD0000 (Miscellaneous failure) and
min_stat = 0x25EA101 (No principal in keytab matches desired name)
Please note that keytab file and service name paramter are the same on
both machines.
Tested with MIT for Windows 3.0 and 2.6.5
What could be wrong?
Thanks in advance
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
