Re: Question about gss-client

Sat, 26 Aug 2006 09:09:40 -0700 

I changed the gss_import_name's third parameter from gss_nt_service_name to 
GSS_C_NT_USER_NAME, and the client works well now.
Server:
[EMAIL PROTECTED] gss-sample]# ./gss-server test
Client:
[EMAIL PROTECTED] gss-sample]# ./gss-client gcnode029.cap test/gcnode029 "hello"
Where test/[EMAIL PROTECTED] is the SPN of the gss-server

----- Original Message ----- 
From: "lizhong" <[EMAIL PROTECTED]>
To: <kerberos@mit.edu>
Sent: Friday, August 25, 2006 10:42 AM
Subject: Question about gss-client


> Hi all,
>    I have started gss-server on machine gcnode029, and now I try to start 
> gss-client on machine gcnode026.
>    But I found that everytime I run gss-client with cmd:
> [EMAIL PROTECTED] gss-sample]# ./gss-client gcnode029.cap test "adde"
> 
>    The gss-server will tell me that :
> GSS-API error accepting context: Unspecified GSS failure.  Minor code may 
> provide more information
> GSS-API error accepting context: Wrong principal in request
> 
>    And log of the kdc server as follows:
> Aug 25 09:47:29 gcnode028 krb5kdc[2852](info): TGS_REQ (7 etypes {18 17 16 23 
> 1 3 2}) 192.168.10.26: ISSUE: authtime 1156470446, etypes {rep=1 tkt=1 
> ses=1}, tt/[EMAIL PROTECTED] for test/[EMAIL PROTECTED]
>    It seems that the kdc server did not give the gss-client the right service 
> ticket for test/[EMAIL PROTECTED]
>    If I run gss-client on gcnode029, everything runs well, and the kdc log :
> Aug 25 09:18:29 gcnode028 krb5kdc[2852](info): AS_REQ (7 etypes {18 17 16 23 
> 1 3 2}) 192.168.10.26: ISSUE: authtime 1156468709, etypes {rep=1 tkt=1 
> ses=1}, aa/[EMAIL PROTECTED] for test/[EMAIL PROTECTED]
>    I guess the gss-client/gss-server are designed to run on two different 
> machines.So why did the gss-client ask for a wrong ticket?How can I get 
> ticket for test/[EMAIL PROTECTED] on gcnode026?


--------------------------------------------------------------------------------


> ________________________________________________
> Kerberos mailing list           Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>


________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos

Reply via email to