[python-win32] SSPI memory problems with Kerberos?

Matt Hamilton matth at netsight.co.uk
Mon Apr 18 15:13:32 CEST 2011

Matt Hamilton <matth <at> netsight.co.uk> writes:

> Originally I was passing it a valid Kerberos ticket, but no matter what it 
> would still give me that memory error. So I decided to pass in some bogus 
> data to at least get a different error... but no dice. I always just get this 
> memory error.

After about 3 days of banging my head against the code, I finally worked
out what the issue is. So for any future people looking and getting an
error about 'Not enough memory is available to complete this request',
SEC_E_INSUFFICIENT_MEMORY then is it likely that you are sending a
Negotiate blob into a Kerberos context.

The blob I was getting from IE is a Negotiate blob, not a native Kerberos
one and so are decoded differently in ASN.1 and I guess the ASN.1
parser used by SSPI is not smart enough to work out when it is
being fed something unexpected and runs out of memory trying to 
decode what it is given. 

So make sure you are doing:

sa = sspi.ServerAuth('Negotiate')
err, sec_buffer = sa.authorize(data)


sa = sspi.ServerAuth('Kerberos')
err, sec_buffer = sa.authorize(data)


More information about the python-win32 mailing list