locked
SSPI, Kerberos, SEC_E_INVALID_TOKEN RRS feed

  • Question

  • Hi, i'm trying to write Kerberos client application, wich should use currently logged in user's credentials to aquire a ticket for specified service/host. That's what i  do:


    Code Snippet

        SECURITY_STATUS ss;
        CredHandle CH;
        TimeStamp TS;

        CtxtHandle CtxtH;
        SecBufferDesc SBD;
        ULONG CA;


        ss = AcquireCredentialsHandle(NULL, L"Kerberos", SECPKG_CRED_OUTBOUND, NULL, NULL, NULL, NULL, &CH, &TS);


        SBD.ulVersion=SECBUFFER_VERSION;
        SBD.cBuffers=0;
        SBD.pBuffers=NULL;

        ss = InitializeSecurityContext(&CH, NULL, L"service/host.domain.corp",
                ISC_REQ_ALLOCATE_MEMORY | ISC_REQ_CONNECTION,
                0, SECURITY_NETWORK_DREP, NULL, 0, &CtxtH, &SBD, &CA, NULL);


    InitializeSecurityContext returns SEC_E_INVALID_TOKEN value.
    What do i do wrong?
    Tuesday, April 29, 2008 11:44 AM

Answers

  • Issue resolved, by filling output buffer with empty token, like that:

    Code Snippet

    SecBuffer Token;

    SBD.ulVersion=SECBUFFER_VERSION;
    SBD.cBuffers=1;
    SBD.pBuffers=&Token;

    Token.BufferType = SECBUFFER_TOKEN;
    Token.cbBuffer = 0;

    Token.pvBuffer = NULL;


    Wednesday, April 30, 2008 10:27 AM