GSS-API win2k/unix need help!

Marc Horowitz marc at MIT.EDU
Mon Feb 25 20:15:21 EST 2002


"Rick" <mail at server.net> writes:

>> On unix
>> 1. ktutil
>> 2. rkt unix1.keytab
>> 3. list
>> 4. wkt /etc/krb5.keytab
>> 5. q

Is there a reason you did all this instead of "cp"?

>> To try to get it to work in my NT machine I basically did the same thing.
>> 
>> On kdc:
>> 1. ktpass -princ tsample/host1.d1.com at D1.COM -mapuser test -pass
>> testpass -out test.keytab
>> 2. transfer keytab to windows computer.
>> 
>> There doesn't seem to be a ktutil.exe on windows.  

What do you think you need ktutil for?

>> I presume I need to get a
>> ticket for 'tsample'.  I tried kinit  -k -t krb5.keytab  -S tsample test.
>> It didn't work.  Neither did several other variations.

Why are you giving kinit the -S flag?  I do not think it does what you
think it does.  For that matter, why are you using a keytab at all?
It's much easier to create a normal user principal and use kinit to
get tickets.  If you must use a keytab, the correct invocatrion is
"kinit -k -t keytabfile tsample/host1.d1.com at D1.COM".  Of course, the
last argument should be the actual principal name of the key you want
to use.

>> 
>> The gss-server sample fails with
>> GSS-API error acquiring credentials: Miscellaneous failure
>> GSS-API error acquiring credentials: No such file or directory

The server would fail this way because it can't find the keytab file.
I don't know where win3k is looking for it, but you should figure this
out, and purt the keytab there.

Finally, for testing the gss-sample client, 

                Marc



More information about the Kerberos mailing list