problem with gssapi and ADAT command in ftp protocol

Glen Matthews glen at montreal.hcl.com
Tue Mar 5 13:07:58 EST 2002


Hi,

  i'm trying to use the gssapi to connect via ftp to a host - i'm having
some difficulty in the authentication process and i'm inclined to think that
it's in the actual kerberos setup (but i'm *very* open to suggestions! :)
here's why.

  i canonicalize the name with gss_import_name (i'm using host at server - for
some reason, ftp at server doesn't work - maybe related?). this returns
correctly. i then call gss_init_sec_context, and that returns correctly
(indicates that more info is required, expected, and the pointer to
gss_context is non-null). i then format the ADAT line and send this - the
reply i get back from the ftp server is:

535-GSSAPI error major: Miscellaneous failure
535-GSSAPI error minor: Decrypt integrity check failed
535 GSSAPI error: accepting context

when i try connecting to the same server with filezilla, i get:

501: Couldn't decode ADAT (Encoding not properly padded)

any ideas as to where i should look - what i should check?

glen




More information about the Kerberos mailing list