pythongssapi / python-gssapi

A Python interface to RFC 2743/2744 (plus common extensions)
ISC License

gssapi.raw.acquire_cred_with_password() fails on Windows #302

Closed nmariz closed 1 year ago

nmariz commented 1 year ago

What went wrong?

Authenticating using gssapi.raw.acquire_cred_with_password() fails on Windows when there's no ticket in the cache. It raises a Matching credential not found error.

The same code block is working on Linux.

How do we reproduce?

1) Empty ticket cache

3) Run the following code block

import gssapi.raw

# The API expects user to be a gssapi Name and password to be bytes.
acquire_cred_result = gssapi.raw.acquire_cred_with_password(
    user, password, usage="initiate"
)

Result:

gssapi.raw.misc.GSSError: Major (851968): Unspecified GSS failure.  Minor code may provide more information, Minor (2529639053): Matching credential not found

Component versions (python-gssapi, Kerberos, OS / distro, etc.)

The installation was made using pip install gssapi.

jborean93 commented 1 year ago

When you run this interactively you can see an actual prompt from the MIT kfw program appear.


Clicking cancel gives you the same error you have in your error description. Running it through a non-interactive session stops this pop-up from appearing and gives you the error straight away, as MIT kfw acts like cancel was pressed. I also tried gss_acquire_cred_from but that suffers from the same problem:

import gssapi
import gssapi.raw

kerberos = gssapi.OID.from_int_seq("1.2.840.113554.1.2.2")
name = gssapi.Name(base="vagrant-domain@DOMAIN.TEST", name_type=gssapi.NameType.user)
res = gssapi.raw.acquire_cred_from({b"password": b"VagrantPass1"}, name=name, mechs=[kerberos], usage="initiate")

Unfortunately this library just calls the C API of the linked GSSAPI library and any behaviour it has is based on the C lib and not this Python module. So while the lib has this function it seems like it just doesn't work so cannot be used.

Is there a reason why you need MIT GSSAPI on Windows? You can utilise SSPI through various libraries like pywin32 or pyspnego.
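As an added example (not part of the issue thread or of python-gssapi), the error line reported above can be decoded to show which layer failed: the major status is split into its RFC 2744 fields, and the minor status is converted to the signed value used by MIT krb5's headers. The function name `decode_gss_error` and the one-entry `KRB5_CODES` table are assumptions made for this illustration.

```python
import re

# Field layout of a GSS-API major status word (RFC 2744):
# calling error in bits 24-31, routine error in bits 16-23,
# supplementary information in bits 0-15.
CALLING_OFFSET, ROUTINE_OFFSET = 24, 16
ROUTINE_ERRORS = {
    1: "GSS_S_BAD_MECH", 2: "GSS_S_BAD_NAME", 3: "GSS_S_BAD_NAMETYPE",
    4: "GSS_S_BAD_BINDINGS", 5: "GSS_S_BAD_STATUS", 6: "GSS_S_BAD_SIG",
    7: "GSS_S_NO_CRED", 8: "GSS_S_NO_CONTEXT", 9: "GSS_S_DEFECTIVE_TOKEN",
    10: "GSS_S_DEFECTIVE_CREDENTIAL", 11: "GSS_S_CREDENTIALS_EXPIRED",
    12: "GSS_S_CONTEXT_EXPIRED", 13: "GSS_S_FAILURE", 14: "GSS_S_BAD_QOP",
    15: "GSS_S_UNAUTHORIZED", 16: "GSS_S_UNAVAILABLE",
    17: "GSS_S_DUPLICATE_ELEMENT", 18: "GSS_S_NAME_NOT_MN",
}
# Hypothetical lookup table holding only the krb5 code seen in this issue.
KRB5_CODES = {-1765328243: "KRB5_CC_NOTFOUND"}

ERROR_RE = re.compile(r"Major \((\d+)\):.*?Minor \((\d+)\): (.*)$")


def decode_gss_error(line):
    """Split a python-gssapi GSSError message into its status fields."""
    m = ERROR_RE.search(line)
    if m is None:
        raise ValueError("not a python-gssapi GSSError line")
    major, minor = int(m.group(1)), int(m.group(2))
    # The message prints the minor status as unsigned 32-bit;
    # krb5 defines its error codes as negative signed values.
    signed_minor = minor - (1 << 32) if minor >= (1 << 31) else minor
    routine = (major >> ROUTINE_OFFSET) & 0xFF
    return {
        "calling_error": (major >> CALLING_OFFSET) & 0xFF,
        "routine_error": ROUTINE_ERRORS.get(routine, "unknown(%d)" % routine),
        "supplementary": major & 0xFFFF,
        "minor_signed": signed_minor,
        "krb5_name": KRB5_CODES.get(signed_minor),
        "minor_text": m.group(3).strip(),
    }


# The error line reported in this issue.
SAMPLE = ("gssapi.raw.misc.GSSError: Major (851968): Unspecified GSS failure.  "
          "Minor code may provide more information, Minor (2529639053): "
          "Matching credential not found")

if __name__ == "__main__":
    for key, value in decode_gss_error(SAMPLE).items():
        print(f"{key}: {value}")
```

The major status decodes to the generic GSS_S_FAILURE, so the actionable detail is the mechanism-specific minor code, which here is a krb5 credential-cache lookup failure.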