I changed the gss_import_name's third parameter from gss_nt_service_name to GSS_C_NT_USER_NAME, and the client works well now.
Server:
[root@gcnode029 gss-sample]# ./gss-server test
Client:
[root@gcnode026 gss-sample]# ./gss-client gcnode029.cap test/gcnode029 "hello"
Where test/gcnode029@test.com is the SPN of the gss-server

----- Original Message -----
From: "lizhong"
To:
Sent: Friday, August 25, 2006 10:42 AM
Subject: Question about gss-client


> Hi all,
> I have started gss-server on machine gcnode029, and now I try to start gss-client on machine gcnode026.
> But I found that everytime I run gss-client with cmd:
> [root@gcnode026 gss-sample]# ./gss-client gcnode029.cap test "adde"
>
> The gss-server will tell me that :
> GSS-API error accepting context: Unspecified GSS failure. Minor code may provide more information
> GSS-API error accepting context: Wrong principal in request
>
> And log of the kdc server as follows:
> Aug 25 09:47:29 gcnode028 krb5kdc[2852](info): TGS_REQ (7 etypes {18 17 16 23 1 3 2}) 192.168.10.26: ISSUE: authtime 1156470446, etypes {rep=1 tkt=1 ses=1}, tt/tt@test.com for test/gcnode026@test.com
> It seems that the kdc server did not give the gss-client the right service ticket for test/gcnode029@test.com.
> If I run gss-client on gcnode029, everything runs well, and the kdc log :
> Aug 25 09:18:29 gcnode028 krb5kdc[2852](info): AS_REQ (7 etypes {18 17 16 23 1 3 2}) 192.168.10.26: ISSUE: authtime 1156468709, etypes {rep=1 tkt=1 ses=1}, aa/aa@test.com for test/gcnode029@test.com
> I guess the gss-client/gss-server are designed to run on two different machines.So why did the gss-client ask for a wrong ticket?How can I get ticket for test/gcnode029@test.com on gcnode026?



--------------------------------------------------------------------------------


> ________________________________________________
> Kerberos mailing list Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>



________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos