[19942] in Kerberos_V5_Development

Re: gss_store_cred_into() and gss_acquire_cred_from() on a client

daemon@ATHENA.MIT.EDU (Greg Hudson)
Fri May 24 10:56:58 2019

To: moore moore <moore_chestnut@yahoo.ie>, "krbdev@mit.edu" <krbdev@mit.edu>
From: Greg Hudson <ghudson@mit.edu>
Message-ID: <02875b82-69ba-6029-b705-de83c551aac9@mit.edu>
Date: Fri, 24 May 2019 10:56:45 -0400
In-Reply-To: <431336128.1350813.1558705126809@mail.yahoo.com>

On 5/24/19 9:38 AM, moore moore wrote:
> But the subsequent call to gss_acquire_cred_from() ( same code path as
> above ) fails with:
> 
> [10940] 1558700394.80066: Retrieving clientuser1@TEST.COM from
> FILE:/krb5/dest/var/krb5/user/0/client.keytab (vno 0, enctype 0) with
> result: 2/Key table file '/krb5/dest/var/krb5/user/0/client.keytab' not
> found

As I said before, this trace message is not why the operation is
failing.  If acquire_cred cannot find creds in the ccache, it will check
if they could be acquired via a client keytab.  You need to look for the
ccache operations that failed earlier in the trace output.

> So why is there a difference on gss_acquire_cred_from() between
> MEMORY:MY_CRED_STORE with a ccname of "clientuser1@TEST.COM"
> and
> MEMORY:clientuser1@TEST.COM with a ccname of "clientuser1@TEST.COM"

I can't answer this without seeing the actual relevant trace messages.
_______________________________________________
krbdev mailing list             krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
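
Added example (not part of the original message, and not MIT krb5 code): a small Python filter for KRB5_TRACE output that sets aside the client-keytab fallback lookup and lists the failures logged before it, which is where the reply says to look. The trace lines are constructed for illustration; only the keytab line copies the one quoted above, and the function names are hypothetical.

```python
import re

# Constructed trace lines. Only the last one mirrors the line quoted in the thread.
SAMPLE_TRACE = """\
[10940] 1558700394.80055: constructed line without a result code
[10940] 1558700394.80060: Retrieving clientuser1@TEST.COM -> krbtgt/TEST.COM@TEST.COM from MEMORY:MY_CRED_STORE with result: -1765328243/Matching credential not found
[10940] 1558700394.80066: Retrieving clientuser1@TEST.COM from FILE:/krb5/dest/var/krb5/user/0/client.keytab (vno 0, enctype 0) with result: 2/Key table file '/krb5/dest/var/krb5/user/0/client.keytab' not found
"""

# "[pid] timestamp: message with result: code/text"
RESULT_RE = re.compile(r"^\[(\d+)\] (\d+\.\d+): (.*) with result: (-?\d+)/(.*)$")
# Keytab lookups carry "(vno N, enctype E)"; ccache retrievals do not.
KEYTAB_RE = re.compile(r"\(vno \d+, enctype [^)]+\)$")


def parse_failures(trace):
    """Return every trace entry whose result code is non-zero, in log order."""
    failures = []
    for line in trace.splitlines():
        m = RESULT_RE.match(line.strip())
        if not m:
            continue  # not a "with result:" line
        pid, ts, message, code, text = m.groups()
        if int(code) == 0:
            continue  # successful operation
        failures.append({
            "pid": int(pid),
            "time": float(ts),
            "message": message,
            "code": int(code),
            "text": text,
            # True when this is the keytab lookup tried after the ccache had no creds
            "fallback": bool(KEYTAB_RE.search(message)),
        })
    return failures


def earlier_failures(trace):
    """Failures other than the keytab fallback: the entries worth reading first."""
    return [f for f in parse_failures(trace) if not f["fallback"]]


if __name__ == "__main__":
    for f in earlier_failures(SAMPLE_TRACE):
        print(f"{f['time']:.5f} pid={f['pid']} code={f['code']}: {f['message']} ({f['text']})")
```
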