Should gss_get_name_attribute() dump the values of auth-indicators? I verified that the auth-indicators is set correctly by also setting require_auth on the SPN. When not using OTP I cannot obtain the service ticket but when using an otp I can. I have run this on both 1.15 and 1.18 with the same results. Below is a code snippet of what I used, including the gssapi test routine dump_attribute(). It shows in gss_inquire_name() the auth-indicator as a value, but gss_get_name_attribute() indicates that operation is not available or is unsupported. Should I be getting the values of auth-indicator? Thanks, Glenn serv_maj_stat = gss_accept_sec_context(&acc_sec_min_stat, &context, GSS_C_NO_CREDENTIAL, &send_tok, GSS_C_NO_CHANNEL_BINDINGS, &client, &doid, &recv_tok, &ret_flags, NULL, /* time_rec */ NULL); /* del_cred_handle */ maj_stat = gss_inquire_name( &min_stat, client, &is_mech_name, &mech, &attrs); if (maj_stat != GSS_S_COMPLETE) { display_status("gss_inquire_name", maj_stat, min_stat); } else { int i = 0; struct gss_buffer_desc_struct thisattr; if (attrs && attrs->count > 0){ for (i = 0; i < attrs->count; i++){ thisattr = attrs->elements[i]; printf("Attr[%d] of %d:%s\n",i,attrs->count,thisattr.value); } } } name_buf.value = "auth-indicators"; name_buf.length = strlen(name_buf.value) + 1; maj_stat = gss_import_name(&min_stat, &name_buf, (gss_OID) GSS_KRB5_NT_PRINCIPAL_NAME, &input_name); authenticated = 0; complete = 0; noisy = 0; more = -1; dump_attribute(client, &name_buf, noisy); What I get from gss_inquire_nameis: Attr[0] of 1:auth-indicators What I get from dump_attribute which calls gss_get_name_attribute is: Looking for attribute auth-indicators gss_get_name_attribute: The operation or option is not available or unsupported gss_get_name_attribute: No such file or directory (gdb) print (char *) attrs->elements[0]->value $6 = 0x629ab0 "auth-indicators" (gdb) print attrs->count $8 = 1 ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
Should gss_get_name_attribute() dump the values of auth-indicators?
Machin, Glenn Douglas via Kerberos Thu, 13 Oct 2022 08:27:29 -0700
- Should gss_get_name_attribute() dump t... Machin, Glenn Douglas via Kerberos
- Re: Should gss_get_name_attribute(... Machin, Glenn Douglas via Kerberos