problem with gssapi and ADAT command in ftp protocol
Glen Matthews
glen at montreal.hcl.com
Tue Mar 5 13:07:58 EST 2002
Hi,
i'm trying to use the gssapi to connect via ftp to a host - i'm having
some difficulty in the authentication process and i'm inclined to think that
it's in the actual kerberos setup (but i'm *very* open to suggestions! :)
here's why.
i canonicalize the name with gss_import_name (i'm using host at server - for
some reason, ftp at server doesn't work - maybe related?). this returns
correctly. i then call gss_init_sec_context, and that returns correctly
(indicates that more info is required, expected, and the pointer to
gss_context is non-null). i then format the ADAT line and send this - the
reply i get back from the ftp server is:
535-GSSAPI error major: Miscellaneous failure
535-GSSAPI error minor: Decrypt integrity check failed
535 GSSAPI error: accepting context
when i try connecting to the same server with filezilla, i get:
501: Couldn't decode ADAT (Encoding not properly padded)
any ideas as to where i should look - what i should check?
glen
More information about the Kerberos
mailing list