All,
Request for help, i'm using gssapi client API to initiate sec context using kerberos tickets in file cache.
1) import client principal
//buffer.sprintf("santosh\@PCSQALAB.NET@PCSQALAB.NET"); //gss_buffer_desc gssBuffer = { buffer.len(), (void*)buffer.str() };
gss_import_name (&m_minor,&gssBuffer,GSS_C_NT_USER_NAME,&m_gssUser);
2)Import service principal
//gssBuffer -> HTTP@Parent-2K16.pcsqalab.net
gss_import_name(&m_minor,&gssBuffer,GSS_C_NT_HOSTBASED_SERVICE,&m_gssSvc);
3)acquire client credential handle.
m_major = gss_acquire_cred(&m_minor, m_gssUser, GSS_C_INDEFINITE, GSS_C_NO_OID_SET, GSS_C_INITIATE,&m_gssUserCred,&oidSet, &m_timeRec);
4) m_major = gss_acquire_cred(&m_minor,m_gssSvc,GSS_C_INDEFINITE,g_oidSet,GSS_C_INITIATE, &m_gssSvcCred, &oidSet, &m_timeRec);
5)m_major = gss_init_sec_context(&m_minor, m_gssUserCred, &m_gssContext, m_gssSvc, &g_spnego_mechanism_desc, flags,0,GSS_C_NO_CHANNEL_BINDINGS,&gssInput, NULL,&gssOutput,NULL, NULL);
In step 3) I'm getting GSS_S_CREDENTIALS_EXPIRED , the tickets lifetime is valid.
Please note i'm migrating heimdal gssapi with MIT gssapi. Do i need to register plugin/call backs , to look for tickets?
tried replacing g_spnego_mechanism_desc, with GSS_C_NO_OID_SET, but didn't work, what should i do?
Below is the Ticket cache: FILE:/tmp/krb5cc_36073
Default principal: host/PXE-DEV.PCSQALAB.NET@PCSQALAB.NET
Service principals:
krbtgt/PCSQALAB.NET@PCSQALAB.NET
host/PXEDDEV.PCSQALAB.NET@PCSQALAB.NET for client santosh\@PCSQALAB.NET@PCSQALAB.NET
http/Parent-2K16.PCSQALAB.NET@PCSQALAB.NET for client santosh\@PCSQALAB.NET@PCSQALAB.NET
Comments
Post a Comment