Whilst using the Heimdal GSS API, I have run into a problem when calling gss_accept_sec_context. I do not fully understand how the digest API works, but in this case an AS-REQ is sent to the DC with the principal as cifs/smvm1.kerb1.dom and the response states the error:
KRB Error: KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN I added the service principal name under the user susha...@kerb1.dom but still encountered the error. So my questions are: 1. Can a service principal name request for a TGT? If not then what method should I use to query the DC(KDC) from another account ( most likely an user account) from the same domain? 2. I tried doing a kinit -S cifs/smvm1.kerb1.dom susha...@kerb1.dom and did get the ticket in the credential cache file with the principal being cifs/smvm1.kerb1....@kerb1.dom but still didn't work and heimdal still tries to get the TGT during use. -- *Sushant Mathur*
