Subject: | [Urgent] A bug in Kerberos V5 API "gss_acquire_cred" |
From: | "Yu Hong JM Ma" <myubj@cn.ibm.com> |
To: | krb5-bugs@mit.edu |
Date: | Tue, 15 Mar 2016 03:49:40 +0000 |
Dear Kerberos V5 specialist:
When I was using krb5_1.10, I encounterd following issue:
For API gss_acquire_cred,
OM_uint32 KRB5_CALLCONV
gss_acquire_cred(minor_status,
desired_name,
time_req,
desired_mechs,
cred_usage,
output_cred_handle,
actual_mechs,
time_rec)
gss_acquire_cred(minor_status,
desired_name,
time_req,
desired_mechs,
cred_usage,
output_cred_handle,
actual_mechs,
time_rec)
if I set the desired_mechs to "GSS_C_NO_OID_SET", the minor status code returned will be for kerberos mech "spnego". This is because the API gss_acquire_cred will call gss_add_cred, and only record the last loop's major and minor code.
With the major and minor code returned from this gss_acquire_cred(), I can't obtain the correct error message with error code returned from mech spnego.
However, from GSS user mannual, if see if I set GSS_C_NO_OID_SET, the code will choose a default mechanism for me (kerberos V5).
Could you please help clarity this bug, and make end uses get correct major and minor code? Since if I pass the minor code "10004" (returned from gss_acquire_cred) into API gss_display_status, I will get no error message.
Best Regards,
Ma Yuhong
Platform Symphony, CSTL IBM System & Technology Group, Development
Email: myubj@cn.ibm.com
Ma Yuhong
Platform Symphony, CSTL IBM System & Technology Group, Development
Email: myubj@cn.ibm.com