1
我正在開發一個使用GSSAPI登錄到服務器的C++客戶端。對於我使用gss方法構建證書對象的證書(在下面的代碼中解釋)。我給這部分代碼是GSSAPI獲取用戶名密碼和生成憑據不適用於非登錄用戶
#include <gssapi.h>
#include <gssapi_krb5.h>
#include <gssapi/gssapi_generic.h>
#include <gssapi/gssapi_ext.h>
gss_cred_id_t method_to_get_cred(){
char *username = "[email protected]";
char *password = "correctpassword";
gss_buffer_desc send_tok;
OM_uint32 maj_stat, min_stat;
gss_cred_id_t cred;
gss_name_t gss_username;
gss_OID_set_desc mechs, *mechsp = GSS_C_NO_OID_SET;
gss_buffer_desc pwbuf;
send_tok.value = username;
send_tok.length = strlen(username);
maj_stat = gss_import_name(&min_stat, &send_tok,(
gss_OID) gss_nt_user_name,&gss_username);
if (maj_stat != GSS_S_COMPLETE) {
printf("parsing client name %d %d \n ", maj_stat, min_stat);
return -1;
}
printf("Maj stat after gss_import_name: %d \n", maj_stat);
printf("Acquired username \n");
//getting username complete
//getting password
pwbuf.value = password;
pwbuf.length = strlen(password);
maj_stat = gss_acquire_cred_with_password(&min_stat,
gss_username,
&pwbuf, 0,
mechsp, GSS_C_INITIATE,
&cred, NULL, NULL);
printf("Acquired password \n");
//getting password complete
printf("Maj stat and min stat after gss_acquire_cred_with_password: %d %d\n", maj_stat, min_stat);
return(cred);
}
現在我打印的主要地位(GSSAPI水平狀態)和次要地位(機制級別狀態) - 這是Kerberos的在這種情況下。當我給登錄的用戶(即asanyal)狀態printf消息給出兩個值爲0(一切順利)
但是,當我使用不同的用戶名(這是一個在Active Directory中註冊但我不是登錄爲他)我得到
majstat = 851968 and minstat = -1765328243
進一步調查發現,這個小狀態消息對應於錯誤
KRB5_CC_NOTFOUND Matching credential not found
我確信我傳遞正確的憑據(用戶名密碼)的非記錄的在用戶中)
這是GSSAPI內部錯誤(也許它無法獲得票或東西)還是我犯了一些錯誤?
配置使用:Windows活動目錄(Windows Server 2008中)和MIT Kerberos庫 - 4.0.1版本