Hello Kerberos, It seems, if multiple servers supply separate keytabs, then the subsequent kerberos auth request targeted for multiple kerberos servers with separate keytabs and application keep on updating "default_keytab_name" global variable and it causes some of the authentication requests to fail and it throws this error
*"GSS-API error gss_accept_sec_context: Request ticket server HTTP/ not found in keytab" *(major code - 186a5, d0000) Using this api *krb5_gss_register_acceptor_identity() *to set the default keytab file for kerberos authentication. It seems to be a single global keytab file used by the krb5 library. Can we use any other gss_api to maintain the local context of the keytab file and send this keytab for every authentication request? Thanks, On Fri, 11 Nov 2022 at 19:20, Kerberos Enthusiast < kerberos.enthusi...@gmail.com> wrote: > Hello Kerberos, > > I am trying to make a windows client authenticate with an authentication > server(using AD machine for KDC) to access multiple services. > There is a multiple keytab file per authentication server. > > But I'm facing this error below, while this does not occur every time, it > occurred when sending multiple authentication requests (around 200 > requests) for the same service from different client machines while users > are already domain users. > > > *GSS-API error gss_accept_sec_context: Request ticket server HTTP/ not > found in keytab* > Probability of this issue occurring is around 20% only. > > Using GSS-API to acquire cred : gss_acquire_cred(). > For loading keytab file : krb5_gss_register_acceptor_idennntity(). > > How can we resolve this? > Can we use any other GSS-API in place of this? > > Thanks, > ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
