GSS-API win2k/unix need help!
Rick
mail at server.net
Mon Feb 25 17:11:24 EST 2002
GSS-API
I am configuring both Solaris and NT hosts to use a win2k kerberos KDC. I
will be running an application which uses the GSS-API between hosts which
are not the KDC.
Using a microsoft document I was able to make unix work perfectly.
Here's basically what I did.
On win-2k kdc:
1. ktpass -princ sample/host2.d1.com at D1.COM -mapuser user1 -pass pass1 -out
unix1.keytab
2. transfer keytab to unix computer.
On unix
1. ktutil
2. rkt unix1.keytab
3. list
4. wkt /etc/krb5.keytab
5. q
I ran both the MIT gss-server and gss-client test programs on host2 and they
run fine.
To try to get it to work in my NT machine I basically did the same thing.
On kdc:
1. ktpass -princ tsample/host1.d1.com at D1.COM -mapuser test -pass
testpass -out test.keytab
2. transfer keytab to windows computer.
There doesn't seem to be a ktutil.exe on windows. I presume I need to get a
ticket for 'tsample'. I tried kinit -k -t krb5.keytab -S tsample test.
It didn't work. Neither did several other variations.
The gss-server sample fails with
GSS-API error acquiring credentials: Miscellaneous failure
GSS-API error acquiring credentials: No such file or directory
What am I doing wrong?
Thanks in advance
More information about the Kerberos
mailing list