RE: gss_init_sec_context with delegated_cred_handle error

2015-04-07 Thread Xie, Hugh
[mailto:ghud...@mit.edu] Sent: Monday, October 27, 2014 11:21 AM To: Xie, Hugh; kerberos@mit.edu Subject: Re: gss_init_sec_context with delegated_cred_handle error On 10/23/2014 11:38 AM, Xie, Hugh wrote: When I pass GSS_C_NO_CREDENTIAL as cred_handle to gss_init_sec_context(), I got no error

RE: Wrong principal in request error on gss_accept_sec_context()

2015-02-03 Thread Xie, Hugh
other resource for looking at AD/Mit KRB5. -Original Message- From: Greg Hudson [mailto:ghud...@mit.edu] Sent: Thursday, January 15, 2015 11:49 PM To: Xie, Hugh; 'kerberos@mit.edu' Subject: Re: Wrong principal in request error on gss_accept_sec_context() On 01/15/2015 05:18 PM, Xie, Hugh

RE: Wrong principal in request error on gss_accept_sec_context()

2015-01-15 Thread Xie, Hugh
Kvno returns 15. I created a new entry HTTP/host2.site123.baml.com @ COMMON.BANKOFAMERICA.COM in keytab with kvno = 15. I still get the same wrong principal error -Original Message- From: kerberos-boun...@mit.edu [mailto:kerberos-boun...@mit.edu] On Behalf Of Xie, Hugh Sent: Monday

RE: Wrong principal in request error on gss_accept_sec_context()

2015-01-15 Thread Xie, Hugh
I upgrade the version of krb5 lib to version 1.13. Got more specific error: Request ticket server HTTP/ host2.site123.baml@common.bankofamerica.com kvno 15 enctype rc4-hmac found in keytab but cannot decrypt ticket Any idea? -Original Message- From: Xie, Hugh Sent: Thursday

RE: Wrong principal in request error on gss_accept_sec_context()

2015-01-14 Thread Xie, Hugh
/s4u_creds.c:krb5_get_self_cred_from_kdc() Gdb does seems stop at any one of the functions. Please provide pointer. Thanks. -Original Message- From: kerberos-boun...@mit.edu [mailto:kerberos-boun...@mit.edu] On Behalf Of Xie, Hugh Sent: Monday, January 12, 2015 4:44 PM To: Greg Hudson; 'kerberos@mit.edu

RE: Wrong principal in request error on gss_accept_sec_context()

2015-01-12 Thread Xie, Hugh
- From: Greg Hudson [mailto:ghud...@mit.edu] Sent: Tuesday, January 06, 2015 1:52 PM To: Xie, Hugh; 'kerberos@mit.edu' Subject: Re: Wrong principal in request error on gss_accept_sec_context() On 01/05/2015 09:36 PM, Xie, Hugh wrote: 1. /efs/dist/kerberos/mit/1.11.5/exec/bin/klist -k -t

RE: Wrong principal in request error on gss_accept_sec_context()

2015-01-05 Thread Xie, Hugh
) Session Key Type: RSADSI RC4-HMAC(NT) 3. What is the window equivalent command on windows? -Original Message- From: Greg Hudson [mailto:ghud...@mit.edu] Sent: Monday, January 05, 2015 5:12 PM To: Xie, Hugh; 'kerberos@mit.edu' Subject: Re: Wrong principal in request error

RE: Wrong principal in request error on gss_accept_sec_context()

2014-12-19 Thread Xie, Hugh
Message- From: Greg Hudson [mailto:ghud...@mit.edu] Sent: Friday, December 19, 2014 11:24 AM To: Xie, Hugh; kerberos@mit.edu Subject: Re: Wrong principal in request error on gss_accept_sec_context() On 12/18/2014 02:02 PM, Xie, Hugh wrote: I am getting Wrong principal in request error

RE: Wrong principal in request error on gss_accept_sec_context()

2014-12-19 Thread Xie, Hugh
] Sent: Friday, December 19, 2014 12:11 PM To: Xie, Hugh; kerberos@mit.edu Subject: Re: Wrong principal in request error on gss_accept_sec_context() When you try to connect to the non-working server on the client, what service ticket appears in the cache as reported by klist? How does this compare

RE: Wrong principal in request error on gss_accept_sec_context()

2014-12-19 Thread Xie, Hugh
@ COMMON.BANKOFAMERICA.COM -Original Message- From: kerberos-boun...@mit.edu [mailto:kerberos-boun...@mit.edu] On Behalf Of Xie, Hugh Sent: Friday, December 19, 2014 1:33 PM To: Greg Hudson; kerberos@mit.edu Subject: RE: Wrong principal in request error on gss_accept_sec_context() We are using

Wrong principal in request error on gss_accept_sec_context()

2014-12-18 Thread Xie, Hugh
Hi, I am getting Wrong principal in request error on gss_accept_sec_context() on one host but does not on another. I verified /etc/hosts, both host conform to this format # Default /etc/hosts file 127.0.0.1 localhost.localdomain localhost 123.150.123.123 myhost.bankdomain.com myhost

RE: gss_init_sec_context with delegated_cred_handle error

2014-10-27 Thread Xie, Hugh
? -Original Message- From: kerberos-boun...@mit.edu [mailto:kerberos-boun...@mit.edu] On Behalf Of Xie, Hugh Sent: Thursday, October 23, 2014 11:39 AM To: kerberos@mit.edu Subject: gss_init_sec_context with delegated_cred_handle error Hi, When I pass GSS_C_NO_CREDENTIAL as cred_handle

RE: gss_init_sec_context with delegated_cred_handle error

2014-10-27 Thread Xie, Hugh
Thanks. Setting KRB5_CLIENT_KTNAME and setting KRB5CCNAME to a none default location resolve the issue. -Original Message- From: Greg Hudson [mailto:ghud...@mit.edu] Sent: Monday, October 27, 2014 11:21 AM To: Xie, Hugh; kerberos@mit.edu Subject: Re: gss_init_sec_context

gss_init_sec_context with delegated_cred_handle error

2014-10-23 Thread Xie, Hugh
Hi, When I pass GSS_C_NO_CREDENTIAL as cred_handle to gss_init_sec_context(), I got no error. But when I pass delegated_cred_handle (output from gss_accept_sec_context) as cred_handle to gss_init_sec_context(), I got 'Matching credential not found' error. It seems that when passing

RE: gss_init_sec_context with delegated_cred_handle error

2014-10-23 Thread Xie, Hugh
The mailing server mess up the string of the principal into email Here is uppercase principal USERID @ MY.DOMAIN.COM and the lower case principal is userid @ my.domain.com From: Xie, Hugh Sent: Thursday, October 23, 2014 11:39 AM To: kerberos@mit.edu Subject: gss_init_sec_context

RE: Not getting delegation credential from gss_accept_sec_context()

2014-10-09 Thread Xie, Hugh
Perhaps this is a bug. Gss_init_sec_context did return GSS_S_COMPLETE for me. -Original Message- From: Greg Hudson [ghud...@mit.edumailto:ghud...@mit.edu] Sent: Wednesday, October 08, 2014 11:10 PM Eastern Standard Time To: Xie, Hugh; Kerberos@mit.edu Subject: Re: Not getting delegation

RE: Not getting delegation credential from gss_accept_sec_context()

2014-10-09 Thread Xie, Hugh
1,3,2,4 or 1,3,4,2, then the error disappear. -Original Message- From: Greg Hudson [mailto:ghud...@mit.edu] Sent: Thursday, October 09, 2014 12:45 PM To: Xie, Hugh; 'Kerberos@mit.edu' Subject: Re: Not getting delegation credential from gss_accept_sec_context() On 10/09/2014 07:12 AM, Xie

RE: Not getting delegation credential from gss_accept_sec_context()

2014-10-09 Thread Xie, Hugh
Correction. #3 is gss_release_buffer on output_token. -Original Message- From: kerberos-boun...@mit.edu [mailto:kerberos-boun...@mit.edu] On Behalf Of Xie, Hugh Sent: Thursday, October 09, 2014 1:45 PM To: Greg Hudson; 'Kerberos@mit.edu' Subject: RE: Not getting delegation credential

RE: Not getting delegation credential from gss_accept_sec_context()

2014-10-08 Thread Xie, Hugh
in authenticate_gss_server_init (service=0x4016a7 HTTP, state=0x607010) at server_init.c:264 #8 0x00401544 in main () at server_init.c:299 -Original Message- From: kerberos-boun...@mit.edu [mailto:kerberos-boun...@mit.edu] On Behalf Of Xie, Hugh Sent: Monday, October 06, 2014 4:50 PM

RE: Not getting delegation credential from gss_accept_sec_context()

2014-10-08 Thread Xie, Hugh
Switched to 1.12 resolved this issue. Thanks. -Original Message- From: kerberos-boun...@mit.edu [mailto:kerberos-boun...@mit.edu] On Behalf Of Xie, Hugh Sent: Wednesday, October 08, 2014 10:30 AM To: Kerberos@mit.edu; Greg Hudson Subject: RE: Not getting delegation credential from

RE: Not getting delegation credential from gss_accept_sec_context()

2014-10-08 Thread Xie, Hugh
[mailto:kerberos-boun...@mit.edu] On Behalf Of Xie, Hugh Sent: Wednesday, October 08, 2014 1:29 PM To: Kerberos@mit.edu; Greg Hudson Subject: RE: Not getting delegation credential from gss_accept_sec_context() Switched to 1.12 resolved this issue. Thanks. -Original Message- From: kerberos-boun

RE: Not getting delegation credential from gss_accept_sec_context()

2014-10-08 Thread Xie, Hugh
, Hugh; Kerberos@mit.edu Subject: Re: Not getting delegation credential from gss_accept_sec_context() On 10/08/2014 03:41 PM, Xie, Hugh wrote: After switching version 1.12.2, as a follow up question to the next step of S4U2Proxy. I passed the delegated_cred_handle from *gss_accept_sec_context

RE: Not getting delegation credential from gss_accept_sec_context()

2014-10-08 Thread Xie, Hugh
...@mit.edu [mailto:kerberos-boun...@mit.edu] On Behalf Of Xie, Hugh Sent: Wednesday, October 08, 2014 5:23 PM To: Greg Hudson; Kerberos@mit.edu Subject: RE: Not getting delegation credential from gss_accept_sec_context() That was what I did. Both context_handle for *gss_accept_sec_context

Not getting delegation credential from gss_accept_sec_context()

2014-10-06 Thread Xie, Hugh
Hi, I am having trouble with S4U2Proxy. Looking into *accept_sec_context.c*, it has : * if (delegated_cred_handle != NULL deleg_cred == NULL /* no unconstrained delegation */ cred-usage == GSS_C_BOTH (ticket-enc_part2-flags TKT_FLG_FORWARDABLE)) { /*