GSS-API win2k/unix need help!
Marc Horowitz
marc at MIT.EDU
Mon Feb 25 20:15:21 EST 2002
"Rick" <mail at server.net> writes:
>> On unix
>> 1. ktutil
>> 2. rkt unix1.keytab
>> 3. list
>> 4. wkt /etc/krb5.keytab
>> 5. q
Is there a reason you did all this instead of "cp"?
>> To try to get it to work in my NT machine I basically did the same thing.
>>
>> On kdc:
>> 1. ktpass -princ tsample/host1.d1.com at D1.COM -mapuser test -pass
>> testpass -out test.keytab
>> 2. transfer keytab to windows computer.
>>
>> There doesn't seem to be a ktutil.exe on windows.
What do you think you need ktutil for?
>> I presume I need to get a
>> ticket for 'tsample'. I tried kinit -k -t krb5.keytab -S tsample test.
>> It didn't work. Neither did several other variations.
Why are you giving kinit the -S flag? I do not think it does what you
think it does. For that matter, why are you using a keytab at all?
It's much easier to create a normal user principal and use kinit to
get tickets. If you must use a keytab, the correct invocatrion is
"kinit -k -t keytabfile tsample/host1.d1.com at D1.COM". Of course, the
last argument should be the actual principal name of the key you want
to use.
>>
>> The gss-server sample fails with
>> GSS-API error acquiring credentials: Miscellaneous failure
>> GSS-API error acquiring credentials: No such file or directory
The server would fail this way because it can't find the keytab file.
I don't know where win3k is looking for it, but you should figure this
out, and purt the keytab there.
Finally, for testing the gss-sample client,
Marc
More information about the Kerberos
mailing list