Hi All,
I'm facing some problems with gsstest.
I've compiled and installed krb5-1.4.3, gsstest-1.27 and I'm using the SNC
Adapter. My KDC is a Win2k3 SP1 DC.
Before running gsstest I did a:
kinit -k -t /etc/krb5.keytab host/[EMAIL PROTECTED]
klist produces:
---------------
Ticket cache: FILE:/tmp/krb5cc_20101
Default principal: host/[EMAIL PROTECTED]
Valid starting     Expires            Service principal
04/23/06 22:07:13  04/24/06 08:07:13  krbtgt/[EMAIL PROTECTED]
        renew until 04/24/06 22:07:13
04/23/06 22:11:06  04/24/06 08:07:13  host/[EMAIL PROTECTED]
        renew until 04/24/06 22:07:13
Kerberos 4 ticket cache: /tmp/tkt20101
klist: You have no tickets cached
---------------
I called gsstest with the following parameters:
../gsstest-1.27/sun_64/gsstest -l ./snckrb5.so
gsstest seems to be running pretty much okay.
However I'm getting one error in the test summary:
(( 2 b ))
Observed sizes of names:
printable names [ 41 .. 42 ] bytes
exported binary canonical names [ 61 .. 61 ] bytes
*FAILING* SAP constraint:
==> gss_display_name() returned 8 name(s) with leading whitespace!
Support of Hostbased Service Names:
gss_inquire_names_for_mech() includes GSS_C_NT_HOSTBASED_SERVICE, and
our sample hostbased service name is accepted.
Unfortunately I don't know how serious this error is and what can be done
about it?
Any help or suggestions would be greatly appreciated!
Below is an excerpt from the gsstest output, which shows some more details
on the errors produced.
Best Regards,
Udo
===========================================================
Loading GSS-API shared library #1 "./snckrb5.so" ...
... was loaded as an SAP SNC-Adapter.
mech_list from gss_indicate_mechs() #1 contains 2 gss_OID elements:
{
[ 0] = {1 2 840 113554 1 2 2} MECH= Kerberos 5 (v2 - rfc1964)
[ 1] = {1 3 5 1 5 2} MECH= Kerberos 5 (PRE-rfc1964)
}
Selecting mechanism (0) from GSS shared library #1:
{1 2 840 113554 1 2 2} MECH= Kerberos 5 (v2 - rfc1964)
====================
... SNIP ...
====================
Testing credentials management functions ...
----------
TEST: *default* initiating credentials (acquire_cred default mechs)
RESULT OK
actual_mechs from gss_acquire_cred() contains 2 gss_OID elements:
{
[ 0] = {1 3 5 1 5 2} MECH= Kerberos 5 (PRE-rfc1964)
[ 1] = {1 2 840 113554 1 2 2} MECH= Kerberos 5 (v2 - rfc1964)
}
----------
TEST: *default* initiating credentials (acquire_cred specific mechs)
RESULT OK
TEST: *default* initiating credentials (inquire_cred only)
RESULT OK
TEST: named default initiating credentials (acquire_cred with name)
RESULT OK
TEST: acquire_cred and inquire_cred with NO optional parameters
RESULT OK
My own name/identity (from default creds) resolves to
"host/[EMAIL PROTECTED]"
Nametype oid = {1 2 840 113554 1 2 2 1} NT= GSS_KRB5_NT_PRINCIPAL_NAME
TEST: Examining the exported name framing
Framing details for exported name (Section 3.2, GSS-API v2 spec):
TOK_ID : 00000: 04 01
MECH_OID_LEN = 11 : 00002: 00 0b
OID tag : 00004: 06
OID len = 9 : 00005: 09
OID elements : 00006: 2a 86 48 86 f7 12 01 02 02
= {1 2 840 113554 1 2 2} MECH= Kerberos 5 (v2 - rfc1964)
NAME_LEN = 42 : 0000f: 00 00 00 2a
NAME : 00013: 68 6f 73 74 2f 74 63 73 host/tcs
0001b: 75 6e 32 30 2e 64 65 75 un20.deu
00023: 2e 68 70 2e 63 6f 6d 40 .xx.com@
0002b: 53 45 53 32 30 30 33 2e SES2003.
00033: 42 42 4e 2e 48 50 2e 43 BBN.XX.C
0003b: 4f 4d OM
RESULT OK
Since you didn't give me a target name, I'll try to talk to myself!
TEST: acquiring *default* initiating credentials (simple)
RESULT OK
TEST: acquiring *default* initiating credentials (query)
RESULT OK
TEST: acquiring initiating credentials (gss_name_t)
RESULT OK
TEST: acquiring initiating credentials (printable name)
RESULT OK
TEST: acquiring initiating credentials (can. printable name)
RESULT OK
TEST: acquiring accepting credentials for target (printable name)
for identity "host/[EMAIL PROTECTED]"
canonical identity "host/[EMAIL PROTECTED]"
RESULT OK
TEST: acquiring accepting credentials for target (can. printable name)
RESULT OK
TEST: acquiring *default* accepting credentials (simple)
ERROR: gss_inquire_cred() succeeded but failed to return name!
RESULT NOT ok (rc=1)
-------
TEST: acquiring *default* accepting credentials (query)
ERROR: gss_inquire_cred() succeeded but failed to return name!
RESULT NOT ok (rc=1)
-------
====================
Testing names management functions ...
----------
TEST: Testing consistency of gss_name_t conversions
RESULT OK
TEST: Testing consistency of gss_name_t conversions
RESULT OK
TEST: Testing support of hostbased service name "[EMAIL PROTECTED]"
Hostbased service name is recognized and transformed to
this name = "ftp/[EMAIL PROTECTED]"
With alternative nametype OID hostbased service name is transformed to
this name = "ftp/[EMAIL PROTECTED]"
RESULT OK
====================
Context establishment functions ...
----------
TEST: Testing sec_context est.: ini_cred=SIMPLE, acc_cred=GSSNAMED
RESULT OK
TEST: Testing sec_context est.: ini_cred=CHECKED, acc_cred=GSSNAMED
RESULT OK
TEST: Testing sec_context est.: ini_cred=GSSNAMED, acc_cred=GSSNAMED
RESULT OK
TEST: Testing sec_context est.: ini_cred=PRNAMED, acc_cred=GSSNAMED
RESULT OK
TEST: Testing sec_context est.: ini_cred=PRNAMED_VIA_XP, acc_cred=GSSNAMED
RESULT OK
TEST: Testing sec_context est.: ini_cred=SIMPLE, acc_cred=CHECKED
ERROR: gss_inquire_cred() succeeded but failed to return name!
RESULT NOT ok (rc=1)
-------
TEST: Testing 10 sec_context est.: ini_cred=CHECKED, acc_cred=GSSNAMED
RESULT OK
________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
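
The exported name framing that gsstest dumps above (Section 3.2 of the GSS-API v2 spec, RFC 2743), as an added example that is not part of the original post or of gsstest: a bounds-checked C parser for the token, plus a leading-whitespace test of the kind the summary reports for display names. The struct and function names, the definition of whitespace (blank or tab) and the sample token for host/app01.example.com@EXAMPLE.COM are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Parsed view into an exported name token (RFC 2743, section 3.2). */
struct exp_name {
    const unsigned char *oid;  size_t oid_len;   /* DER OID value bytes */
    const unsigned char *name; size_t name_len;  /* mechanism-specific name */
};

/* Constructed sample: krb5 mech OID {1 2 840 113554 1 2 2}, 34-byte name. */
static const unsigned char SAMPLE[] =
    "\x04\x01\x00\x0b\x06\x09\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x00\x00\x00\x22"
    "host/app01.example.com@EXAMPLE.COM";

/* Returns 0 on success, or a negative code naming the field that failed. */
int parse_exported_name(const unsigned char *t, size_t len, struct exp_name *out)
{
    if (len < 4 || t[0] != 0x04 || t[1] != 0x01) return -1;      /* TOK_ID */
    size_t mech_len = ((size_t)t[2] << 8) | t[3];                /* MECH_OID_LEN */
    if (mech_len < 2 || mech_len > len - 4) return -2;
    const unsigned char *m = t + 4;
    /* Short-form DER length only; tag+len+value must fill MECH_OID_LEN. */
    if (m[0] != 0x06 || m[1] >= 0x80 || (size_t)m[1] + 2 != mech_len) return -3;
    size_t off = 4 + mech_len;
    if (len - off < 4) return -4;                                /* NAME_LEN */
    size_t name_len = ((size_t)t[off] << 24) | ((size_t)t[off + 1] << 16) |
                      ((size_t)t[off + 2] << 8) | t[off + 3];
    off += 4;
    if (name_len != len - off) return -5;   /* truncated or trailing bytes */
    out->oid = m + 2;    out->oid_len = m[1];
    out->name = t + off; out->name_len = name_len;
    return 0;
}

/* Assumed definition of the flagged property: name starts with blank or tab. */
int has_leading_whitespace(const unsigned char *s, size_t n)
{
    return n > 0 && (s[0] == ' ' || s[0] == '\t');
}

int main(void)
{
    struct exp_name n;
    int rc = parse_exported_name(SAMPLE, sizeof SAMPLE - 1, &n);
    if (rc == 0)
        printf("name=%.*s leading_ws=%d\n", (int)n.name_len,
               (const char *)n.name, has_leading_whitespace(n.name, n.name_len));
    return rc ? 1 : 0;
}
```

The same two checks can be applied to the buffers returned by gss_export_name() and gss_display_name() to see which of the 8 names gsstest counted actually start with a blank.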