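SSPI client needs fewer iterations than GSSAPI server

Time: 2018-09-25 14:28:15

Tags: security kerberos windows-authentication gssapi sspi

I am using nsspi to call the SSPI API for the client from a C# application. On the server side I am using cyrus sasl together with the MIT Kerberos GSSAPI implementation.

The two seem to be able to talk to each other, but the server seems to want more challenges than the client is willing to perform.

Here is the client debug log: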

- Creating client context
- CONTINUE_NEEDED after calling InitializeSecurityContext, sending clientToken to the server
- received new server challenge
- OK after calling InitializeSecurityContext, out clientToken is null.
- no data to send to the server, sending NULL data
- received new server challenge
- NSspi.SSPIException: Failed to invoke InitializeSecurityContext for a client. Error Code = '0x80090301' - "The handle provided to the API was invalid.".

Here is the server debug log:

- received client packet
- SASL start with GSSAPI
- GSSAPI server step 1
- received CONTINUE
- sending challenge to client
- received client packet with NULL data
- GSSAPI server step 2
- sending challenge to client
- client ended unexpectedly

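The code is long, so I can't paste it here in full. The problem seems to lie in the authentication rounds involved: the client is satisfied after only one round, while the server seems to need more rounds, but the client has no data to pass to it.

I am using the same flags as the nsspi client demo for context creation.

Does anyone know why this happens?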

0 answers:

No answers
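Added example, not part of the original post: under RFC 4752 the SASL GSSAPI mechanism continues after the GSS-API context is established, with a wrapped 4-octet security-layer offer from the server that the client unwraps and answers with a wrapped reply. The Python sketch below models how a client routes each server challenge by phase, assuming the server follows RFC 4752; `init_step`, `unwrap` and `wrap` are hypothetical stand-ins for the real SSPI/GSS-API calls, and all tokens are constructed.

```python
# RFC 4752 security-layer bits (first octet of the offer and of the reply).
LAYER_NONE, LAYER_INTEGRITY, LAYER_CONFIDENTIALITY = 1, 2, 4

def parse_server_offer(plain: bytes):
    """Decode the 4 octets obtained by unwrapping the post-context challenge."""
    if len(plain) != 4:
        raise ValueError("security-layer offer must be exactly 4 octets")
    return plain[0], int.from_bytes(plain[1:], "big")

def build_client_reply(offered, want, max_recv=0, authzid=""):
    """Selected layer, 3-octet max receive size, then the authorization identity."""
    if want not in (LAYER_NONE, LAYER_INTEGRITY, LAYER_CONFIDENTIALITY):
        raise ValueError("select exactly one layer")
    if not offered & want:
        raise ValueError("server did not offer the requested layer")
    if want == LAYER_NONE:
        max_recv = 0  # the size must be zero when no security layer is selected
    return bytes([want]) + max_recv.to_bytes(3, "big") + authzid.encode("utf-8")

class SaslGssapiClient:
    """Routes each server challenge by phase.

    init_step, unwrap and wrap are caller-supplied stand-ins (assumptions) for
    InitializeSecurityContext / gss_init_sec_context, gss_unwrap and gss_wrap.
    """
    def __init__(self, init_step, unwrap, wrap, want=LAYER_NONE):
        self.init_step, self.unwrap, self.wrap = init_step, unwrap, wrap
        self.want, self.phase = want, "context"

    def step(self, challenge: bytes) -> bytes:
        if self.phase == "context":
            token, established = self.init_step(challenge)
            if established:
                self.phase = "layer"  # later challenges are wrapped messages
            return token or b""       # empty response if no token was produced
        if self.phase == "layer":
            offered, _max_send = parse_server_offer(self.unwrap(challenge))
            self.phase = "done"
            return self.wrap(build_client_reply(offered, self.want))
        raise RuntimeError("exchange already complete")

def demo():
    """Constructed run: two context rounds, then the security-layer round."""
    rounds = iter([(b"<constructed AP-REQ>", False), (None, True)])
    client = SaslGssapiClient(lambda _c: next(rounds), lambda m: m, lambda m: m)
    challenges = [b"", b"<constructed AP-REP>", b"\x07\x00\xff\xff"]
    return [client.step(c) for c in challenges], client.phase

if __name__ == "__main__":
    print(demo())
```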