krb5_mk_req is returning some weird krb5 error.

[Matthijs Mohlmann <matthijs@cacholong.nl>]

Hi,

I'm trying to fix the libpam-heimdal module in debian. (version 1.2.0) 
Now I went through the code and tried to find out what did go wrong. The 
log message shows me:

login[13704]: (pam_krb5): none: pam_sm_authenticate: entry
login[13704]: pam_krb5: verify_krb_v5_tgt(): krb5_mk_req(): Unknown code 
krb5 7, errornr: -1765328377
login[13704]: (pam_krb5): matthijs: pam_sm_authenticate: exit (failure)
login[13704]: (pam_krb5): matthijs: krb5_cc_destroy: ctx->cache: 
/tmp/krb5cc_pam_gLo8id

This is the peace of code where it goes wrong:
/* Talk to the kdc and construct the ticket. */
retval = krb5_mk_req(context, &auth_context, 0, *service, phost,
				NULL, ccache, &packet);

auth_context is not initialized, but as far as I read the documentation 
the krb5_mk_req call constructs it.

As you see krb5_mk_req returns a wrong value. So my question is what am 
I doing wrong here, or what could go wrong ?

I think I forget somewhere a call before doing the call krb5_mk_req().

If I try this module against MIT then it works.

The upgrade to 1.2.0 is to fix a few bugs in debian and to move to a new 
upstream. And also to have the same codebase for libpam-krb5 and 
libpam-heimdal in debian.

I'm pretty out of options right now what it could be...

Regards,

Matthijs Mohlmann

PS: if someone wants to look into the code it's available here:
http://www.cacholong.nl/~matthijs/libpam-heimdal-1.2.0.tar.gz