Hi All:
I'm a newbie to Kerberos world and this is my first time using GSS-API ever. I'm
trying to use GSS-API on Solaris 9 platform. From what I have read so far, it seems
like there is no need to install the MIT version of Kerberos on Solaris since SUN is
fully compatible with it. While writing a program and using GSS-API, I'm getting the
following Major and Minor errors:
********Errors******************
GSS-API error: acquiring credentials: Major Error: No credentials were supplied, or
the credentials were unavailable or inaccessible
GSS-API error: acquiring credentials: Minor Error: mech_dh: Success
Acquiring credentials - Maj Stat: 458752 Min Stat: 0
***********Error End*************************************
I'm using the following GSS-API call and the at the completion of the call I get the
above major and minor errors.
maj_stat = gss_acquire_cred(&min_stat, server_name, 0,
desiredMechs, GSS_C_ACCEPT,
server_cred, NULL, NULL);
I'm acting as Kerberos Service which will only accept Contexts. I beleive I have my
krb5.conf properly setup and also KDC is running on a different machine The way I
understand GSS-API and Solaris, I don't need to construct mechanism OIDs since by
default Kerberos V5 is the default mechanism of GSS-API. So, I'm using the default
mechanism by specifying "GSS_C_NULL_OID" for the desired mechanism. I get the above
mentioned errors. The minor error contains a text "mech_dh" which caught my eye and
didn't seem right. I further explored to find what other mechanisms are supported and
found a solaris mechanism file. The mechanism file contians Diffe-Hielleman and
Kerberos_v5 as the supported mechanism. As per GSS-API IETF RFC, kerberos_v5 is the
default mechanism for GSS-API. So, I assumed may be Diffe-Hielmman is the default
mechanism for some reason on Solaris.
So, just to be sure, I constructed my own mechanism OID using kerberos_v5 as
mechanism type and tried the same thing - but got the following results:
********** Error******************************************
GSS-API error: acquiring credentials: Major Error: Unspecified GSS failure. Minor
code may provide more information
GSS-API error: acquiring credentials: Minor Error: Unknown code 2
Acquiring credentials - Maj Stat: 851968 Min Stat: 2
*********Error
End*************************************************************************
I've also tried the "gss_add_cred" command and get the same exact erros in both
scenarios. I believe I've to acquire credentials due to the fact that I'm an
Application Service which will be accepting AP-REQ from a client which has already
acquired a TGT and TGS from KDC to use my service.
Any help will be greatly appreciated!!!!
Thanks.
Ish.....
________________________________________________
Kerberos mailing list [EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo/kerberos
