Rocksolid Light

Welcome to RetroBBS

mail  files  register  newsreader  groups  login

Message-ID:  

Profanity is the one language all programmers know best.

devel / comp.protocols.kerberos / Re: GSS-API error gss_accept_sec_context: Request ticket server HTTP/ not found in keytab

SubjectAuthor
o Re: GSS-API error gss_accept_sec_context: Request ticket server HTTP/Kerberos Enthusiast

1
Re: GSS-API error gss_accept_sec_context: Request ticket server HTTP/ not found in keytab

<mailman.123.1668186643.8148.kerberos@mit.edu>

  copy mid

https://www.rocksolidbbs.com/devel/article-flat.php?id=324&group=comp.protocols.kerberos#324

  copy link   Newsgroups: comp.protocols.kerberos
Path: i2pn2.org!i2pn.org!weretis.net!feeder6.news.weretis.net!tncsrv06.tnetconsulting.net!.POSTED.mailman.mit.edu!not-for-mail
From: kerberos.enthusiast@gmail.com (Kerberos Enthusiast)
Newsgroups: comp.protocols.kerberos
Subject: Re: GSS-API error gss_accept_sec_context: Request ticket server HTTP/
not found in keytab
Date: Fri, 11 Nov 2022 21:03:51 +0530
Organization: TNet Consulting
Lines: 48
Message-ID: <mailman.123.1668186643.8148.kerberos@mit.edu>
References: <CAGshih-EXCKjUbs0EGjOUL9fn5ZrAnqWP5wvgX=-xVPUTTKr5Q@mail.gmail.com>
<CAGshih9QY8hga0WDf+uc-Fgt6m3AUFLsas7LgtVNMQjs3m-K6A@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Injection-Info: tncsrv06.tnetconsulting.net; posting-host="mailman.mit.edu:18.7.21.50";
logging-data="16567"; mail-complaints-to="newsmaster@tnetconsulting.net"
To: kerberos@mit.edu
Authentication-Results: mit.edu;
dmarc=pass (p=none dis=none) header.from=gmail.com
Authentication-Results: mit.edu; arc=pass smtp.remote-ip=18.7.73.16
ARC-Seal: i=2; a=rsa-sha256; d=mit.edu; s=arc; t=1668180932; cv=pass;
b=trzIDnEshAxDjSHAqZwXgCDS1fLN7JdvX9DAnBqcM+bg+Ip95Mdj38yJ3ZJZrPnM5KYaBYFMOGeOimyrLa9/HbrU9iHB2Y2+Ol82JP4B5gxuZO9dhfuX2a4sheYb3AKPdgO5KtIU5OLBrmKtNwCVdqwalkFdJXHGm4RWfD/HBKLKjTrDVKPVPPAQK9NQJ7OX2NXY/eco2yliGqUqZJM+N44//p46ZMsPlsYtYmc3KZyGcWXoWwdoK4p2DRPmOpncr3QJmURvYU4cHgkI51iVHmGYMne0JqjJEAcYvWtSyNQYAz/YuRpI2oPibtOmDOuy39oaVTD3RrP/EBqviy0cuA==
ARC-Message-Signature: i=2; a=rsa-sha256; d=mit.edu; s=arc; t=1668180932;
c=relaxed/relaxed; bh=Ihb+ld8IlbR7tt8kVXGLGUoXR2ekHr1rzmxT4e62bi4=;
h=DKIM-Signature:DKIM-Signature:MIME-Version:From:Date:Message-ID:
Subject:To;
b=b3kbIUgu3LO7lPLECCyPbbQGzTbNbzBBbjZbV36mgPCUEk2U+HC0hhfjEUDQPVPq8zP3vBz604bv0hY1AZ4BwuXlhLfRk3FLnWn+n2a2lQ/9bLhEUWi9vR5u291PD8LmiyDnkgNNEvweeK6spHKR9JfBiHzkYFWcPPXmh6uiSWK/Iubs8w6iLuwzkQJ89qzLGtlOOCjzqFrtzIv4LxUfnoQEp2zercw3Y1mJpyTVkbGd4PoxUSmiPlJM5F3FITy8Sjov6eyF3xEu0L2J2BegCXp9A0vQiYqB5Fx/eZjKz8p6Zi0j8gI0N4khsYT1X9UWkilX4CvvQNdheewSOVY21w==
ARC-Authentication-Results: i=2; mit.edu; dkim=pass (1024-bit key)
header.d=mitprod.onmicrosoft.com header.i=@mitprod.onmicrosoft.com
header.b=K3ow86ye;
dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com
header.b=JYNbCFZz
Authentication-Results: mit.edu;
dkim=pass (1024-bit key) header.d=mitprod.onmicrosoft.com
header.i=@mitprod.onmicrosoft.com header.b=K3ow86ye;
dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com
header.b=JYNbCFZz
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
b=XisW7vROeUfY8cRVEAU4Mq8jpC+ZYoyLVb5Xxn49MzYQS8z1T6yPgwPnUdl7MXORMY/60FuoKQ7Acj6DuBsst6eXviDbWaEQKBeP5YncC1s3OYEnyYBYM38NGLx0Dvfq4kmP7dh45OB8xg7WOAym/FifcIcmcvUCEd9+KGzMWiS9wryPdZlnuKZIqsjcn2jjLBZ8jJWLTe0JdM7pCGrbbTFm5su7s02QJqC5vmYdvILiK7RvXJtklIlIlxuwmrK2Jtkg9nWsjSn9sip+dkT1qipscPxRYB7u8EwM4QC8oxe0bHcMk0hR7EtovXX/jiQOr47c08sL17snhhtvwbJMzA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=Ihb+ld8IlbR7tt8kVXGLGUoXR2ekHr1rzmxT4e62bi4=;
b=RikoZ1xuwcZm/YuLAj1wE5e6Nnv8rP6eldzEsx3wyvnbEbLnfEEFPJy10ojS1yJFDR629jT/bu+AtaU/76bDgX5STMEyiMPA+jaHD5PhcV96ZTWC36eL5ACYHgwUYmhpImj06wZWLGxKIu6zfdfh9epeaHqMEyVW7KTwWvzm3Ak9Meo+RGh4MB+IRw9yYPqE7a9fwS+m8QqGu94JcUV6pc5oo0l9BDIoHiadELbj6vuZAY9jdyOgnGvWf8C2NijZk5Wt1cjYBmfK0ycWMTpz+Tjjd6FT/zNQvHfBaOnrhrRwgq+9/atsoRqFeHvkzHwW6WXLNMJ4zggBZWLGp1BCBA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is
209.85.210.47) smtp.rcpttodomain=mit.edu smtp.mailfrom=gmail.com; dmarc=pass
(p=none sp=quarantine pct=100) action=none header.from=gmail.com; dkim=pass
(signature was verified) header.d=gmail.com; arc=none (0)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=mitprod.onmicrosoft.com; s=selector2-mitprod-onmicrosoft-com;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=Ihb+ld8IlbR7tt8kVXGLGUoXR2ekHr1rzmxT4e62bi4=;
b=K3ow86ye+qRLBhXZSlFmQ+NqRRIcU8eRCMxlejoTJwawLZGDg7tX/QnYMBj4rYn6BOHsDyaYD4qq1G2rsd2dtMopwtnaMsmtOj4ZZV9HB1S/k104VDBKsV32BWwWwNRTacsK5lQ9d5oAS4LZTUTEpkZx3QmrAru3++sdZKYn+mk=
Authentication-Results: spf=pass (sender IP is 209.85.210.47)
smtp.mailfrom=gmail.com; dkim=pass (signature was verified)
header.d=gmail.com;dmarc=pass action=none header.from=gmail.com;
Received-SPF: Pass (protection.outlook.com: domain of gmail.com designates
209.85.210.47 as permitted sender) receiver=protection.outlook.com;
client-ip=209.85.210.47; helo=mail-ot1-f47.google.com; pr=C
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112;
h=to:subject:message-id:date:from:in-reply-to:references:mime-version
:from:to:cc:subject:date:message-id:reply-to;
bh=Ihb+ld8IlbR7tt8kVXGLGUoXR2ekHr1rzmxT4e62bi4=;
b=JYNbCFZzcofWWPIpXzXpD5xjzNzA+IcgjAM+O2aFiQltiYwRTJNZxav0b5hqHOIVfq
lTpidmSsd7aMqWULciq56GsTXnyLrF0L8l8YfGn3Sltb6Dpv+uxwWYiZBuxeKyRyEOpm
p1y/MVUmrlVvK66SgDj1NU5jl3tJA1CNYLBSDR/xMMnqkyEV8RULxXpQtWs7+myD4fH3
cmGUMnl+tD1VPEtwp3VqWdjI6RgnftGy0R4Cz0rbYiyVhCjcjccXlNj0MqK+D4Xxznub
MWUq5AM191tfOD7/HH0sduSOYnJJO6HRjvLgfleWDLi/G3CEPoAzXkAa3GyiQ6GNfp7J
CPTw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20210112;
h=to:subject:message-id:date:from:in-reply-to:references:mime-version
:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
bh=Ihb+ld8IlbR7tt8kVXGLGUoXR2ekHr1rzmxT4e62bi4=;
b=s0d82/9spsvE/PEhY1l6XjWQAxoOHU0oUTitXugH9grmbXeJ3zo45uSp1ggu2m5fiH
O5swwlk0l49mU6/g/WqSu+50J4sIYa2s77SN8IPeh+nEiWP87X5GHzBGpGLoRu7JzrR6
0yHJC2aXOjGEAArEh63osaX4JzrZFAks50Wl51O2ohSpVn2k5U0Fy48WPg+mIL4kD8Qr
XT9gkQ09seZc0tCKQcF2nm7HRfBPXOGo6NkW6wvwfptDJs4D7aD5wr5xNrlz/bXAqUiz
IRFi/ckuZLVfBMCVdxvnc/4+Z4vaWigm0yE+Kr7p4jVmzskHvF+rvOj05hQpAnj3Z+my
XFag==
X-Gm-Message-State: ANoB5pnaMpsmcKxBPMpPzUJ5h5VfX45L2M5CtldjK6m6m2zhN/K2WcPZ
zVouWtDI2DZjdkcX8hBGrigMnVMnUTsVGwCnNb3Y7dSALorDGy0d
X-Google-Smtp-Source: AA0mqf4AgebMViy9WYeHmySFcKlRZfmIuGVxv57Y+tk6EP8VQRUHEVn6wYAcy5wlgqoJRdt5ybASEsIebFPAzlspsP4=
X-Received: by 2002:a9d:24e2:0:b0:66d:5fb6:6e8c with SMTP id
z89-20020a9d24e2000000b0066d5fb66e8cmr1125189ota.112.1668180843294; Fri, 11
Nov 2022 07:34:03 -0800 (PST)
In-Reply-To: <CAGshih-EXCKjUbs0EGjOUL9fn5ZrAnqWP5wvgX=-xVPUTTKr5Q@mail.gmail.com>
X-EOPAttributedMessage: 0
X-EOPTenantAttributedMessage: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b:0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: DS1PEPF0000E65C:EE_|MWHPR0101MB2894:EE_
X-MS-Office365-Filtering-Correlation-Id: e34b7f9a-2d96-4f23-fab8-08dac3fa29e5
X-LD-Processed: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b,ExtAddr
X-MS-Exchange-AtpMessageProperties: SA
X-MS-Exchange-SenderADCheck: 0
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: eOBXs2FnrdnpGnfpN0JnpcClzECJrvoISTygTiIoM4NltFpvL6c16uipTG5DY06IIJbof59siZB8nxxqYg4wEu7fEWN0KkFHrf5q3rnQeylbj3a+G79t4zkXGm5W7mpIQ5MrZ34IJf0h2FYbIt5vGuwu8uPoFdm342X6VhA0aC5oijfhNc6Wi2A1yLwGgWlZlhoxpZOB/0fzqm1w9R/IIOaXENq9laao1M4a4GrCZbqUfJ2xe3AIHiYi8LTLgmy5ITEwVFmL+V0EXdNYKvW9KUS6aXxIvnZmBEYNsg1xLHJFTcuF3BuuU4rsYgldLecjQqb612x6fprzNgZD9CHoOYOcZn/Fj3jsMUkXldR5oZOIKkLs0htaDOQULkspdgZEB297QkA6hZZDnaR4PE5BUp8RLJ/hV7J1p2pdXpxIJHeHJsWkvwrrSGp2b/M6LGuJh24zAmUCGSfv6aETMkUqoBc9S2SBm4HJ/KU/PQ47xJSfNNIhX2JYPRlQ3RYLuNOuCuaDmbhR94V3l76laMTnpK9CgYm+duGxoaeu727GS6dspvwumYrBe2qIxtqiddsDw98Uqecm0LtQb6MBKIcdmXwMpvzjPToerbaC9kittihl/qLi4rtoDqVAArKEfd7uL3QELXwreIJmPSQJi+9hDgP8Xffo4D4X+ANdqMIEud0=
X-Forefront-Antispam-Report: CIP:209.85.210.47; CTRY:US; LANG:en; SCL:1; SRV:;
IPV:NLI; SFV:NSPM; H:mail-ot1-f47.google.com; PTR:mail-ot1-f47.google.com;
CAT:NONE;
SFS:(13230022)(4636009)(376002)(136003)(39860400002)(396003)(346002)(84050400002)(451199015)(6666004)(7636003)(7596003)(356005)(2906002)(44832011)(86362001)(55446002)(33964004)(5660300002)(786003)(336012)(83380400001)(73392003)(34206002)(70586007)(42186006)(68406010)(8676002)(82202003)(26005)(316002)(76482006)(498600001);
DIR:OUT; SFP:1102;
X-Auto-Response-Suppress: DR, OOF, AutoReply
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 11 Nov 2022 15:34:03.8368 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: e34b7f9a-2d96-4f23-fab8-08dac3fa29e5
X-MS-Exchange-CrossTenant-Id: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b
X-MS-Exchange-CrossTenant-AuthSource: DS1PEPF0000E65C.namprd02.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MWHPR0101MB2894
X-OriginatorOrg: mitprod.onmicrosoft.com
X-Mailman-Approved-At: Fri, 11 Nov 2022 12:10:41 -0500
X-Content-Filtered-By: Mailman/MimeDel 2.1.34
X-BeenThere: kerberos@mit.edu
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: The Kerberos Authentication System Mailing List <kerberos.mit.edu>
List-Unsubscribe: <https://mailman.mit.edu/mailman/options/kerberos>,
<mailto:kerberos-request@mit.edu?subject=unsubscribe>
List-Archive: <http://mailman.mit.edu/pipermail/kerberos/>
List-Post: <mailto:kerberos@mit.edu>
List-Help: <mailto:kerberos-request@mit.edu?subject=help>
List-Subscribe: <https://mailman.mit.edu/mailman/listinfo/kerberos>,
<mailto:kerberos-request@mit.edu?subject=subscribe>
X-Mailman-Original-Message-ID: <CAGshih9QY8hga0WDf+uc-Fgt6m3AUFLsas7LgtVNMQjs3m-K6A@mail.gmail.com>
X-Mailman-Original-References: <CAGshih-EXCKjUbs0EGjOUL9fn5ZrAnqWP5wvgX=-xVPUTTKr5Q@mail.gmail.com>
 by: Kerberos Enthusiast - Fri, 11 Nov 2022 15:33 UTC

Hello Kerberos,

It seems, if multiple servers supply separate keytabs, then the
subsequent kerberos auth request targeted for multiple kerberos servers
with separate keytabs and application keep on
updating "default_keytab_name" global variable and it causes some of the
authentication requests to fail and it throws this error

*"GSS-API error gss_accept_sec_context: Request ticket server HTTP/ not
found in keytab" *(major code - 186a5, d0000)

Using this api *krb5_gss_register_acceptor_identity() *to set the default
keytab file for kerberos authentication.

It seems to be a single global keytab file used by the krb5 library.
Can we use any other gss_api to maintain the local context of the keytab
file and send this keytab for every authentication request?

Thanks,

On Fri, 11 Nov 2022 at 19:20, Kerberos Enthusiast <
kerberos.enthusiast@gmail.com> wrote:

> Hello Kerberos,
>
> I am trying to make a windows client authenticate with an authentication
> server(using AD machine for KDC) to access multiple services.
> There is a multiple keytab file per authentication server.
>
> But I'm facing this error below, while this does not occur every time, it
> occurred when sending multiple authentication requests (around 200
> requests) for the same service from different client machines while users
> are already domain users.
>
>
> *GSS-API error gss_accept_sec_context: Request ticket server HTTP/ not
> found in keytab*
> Probability of this issue occurring is around 20% only.
>
> Using GSS-API to acquire cred : gss_acquire_cred().
> For loading keytab file : krb5_gss_register_acceptor_idennntity().
>
> How can we resolve this?
> Can we use any other GSS-API in place of this?
>
> Thanks,
>

devel / comp.protocols.kerberos / Re: GSS-API error gss_accept_sec_context: Request ticket server HTTP/ not found in keytab

1
server_pubkey.txt

rocksolid light 0.9.81
clearnet tor