Correction. #3 is gss_release_buffer on output_token. -----Original Message----- From: kerberos-boun...@mit.edu [mailto:kerberos-boun...@mit.edu] On Behalf Of Xie, Hugh Sent: Thursday, October 09, 2014 1:45 PM To: Greg Hudson; 'Kerberos@mit.edu' Subject: RE: Not getting delegation credential from gss_accept_sec_context()
Found the issue. It is order the function calls that matters: Here is the order of call that produced the error: 1. gss_init_sec_context 2. gss_release_cred on the deleted_cred_handle (passed to #1 call) 3. gss_release_cred on output_token 4. gss_inquire_context If I switch the order to either 1,3,2,4 or 1,3,4,2, then the error disappear. -----Original Message----- From: Greg Hudson [mailto:ghud...@mit.edu] Sent: Thursday, October 09, 2014 12:45 PM To: Xie, Hugh; 'Kerberos@mit.edu' Subject: Re: Not getting delegation credential from gss_accept_sec_context() On 10/09/2014 07:12 AM, Xie, Hugh wrote: > Perhaps this is a bug. Gss_init_sec_context did return GSS_S_COMPLETE > for me. I don't think we have a bug such that gss_inquire_context on an established context would return GSS_S_NO_CONTEXT, no; that would show up in our automated tests. Make sure you're passing gss_inquire_context the gss_ctx_id_t itself and not a pointer to it. If you're still seeing a problem, you'll probably need to trace through it on your end. ---------------------------------------------------------------------- This message, and any attachments, is for the intended recipient(s) only, may contain information that is privileged, confidential and/or proprietary and subject to important terms and conditions available at http://www.bankofamerica.com/emaildisclaimer. If you are not the intended recipient, please delete this message. ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos ---------------------------------------------------------------------- This message, and any attachments, is for the intended recipient(s) only, may contain information that is privileged, confidential and/or proprietary and subject to important terms and conditions available at http://www.bankofamerica.com/emaildisclaimer. If you are not the intended recipient, please delete this message. ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos