[19936] in Kerberos_V5_Development
Re: gss_store_cred_into() and gss_acquire_cred_from() on a client
daemon@ATHENA.MIT.EDU (Greg Hudson)
Thu May 23 11:27:28 2019
To: moore moore <moore_chestnut@yahoo.ie>, "krbdev@mit.edu" <krbdev@mit.edu>
From: Greg Hudson <ghudson@mit.edu>
Message-ID: <771e898a-34da-71da-eed7-ee81804b81db@mit.edu>
Date: Thu, 23 May 2019 11:27:02 -0400
MIME-Version: 1.0
In-Reply-To: <2094598933.7938175.1558613088766@mail.yahoo.com>
Content-Language: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu
On 5/23/19 8:04 AM, moore moore wrote:
> I have tried to create store with clientuser specific name also.like : MEMORY:clientuser1@TEST.COM
> And while the store into still worked, acquire_from failed with:
> gss_acquire_cred_from: SPNEGO cannot find mechanisms to negotiate
> But I dont see a way to use ccache name anyways to reference the store subsequently?
This is the right approach; you need client-specific ccache names to
store the proxy creds.
gss_acquire_cred_from() accepts a cred_store parameter just like
gss_store_cred_into(), and it must contain the same (per-client) ccache
value to find the correct creds.
The SPNEGO error message isn't very specific. You could use trace logs
to try to figure out why acquiring krb5 creds doesn't work, or you could
(temporarily, for debugging purposes) try acquiring krb5 creds instead
of SPNEGO creds.
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
