Problem in running gss.exe of kfw 2.6 using MSLSA cache and using Active Directory as kdc

Vikas Gandhi vgandhi at quark.co.in
Fri Apr 2 03:42:11 EST 2004


I also found this from kfw release notes.
The MSLSA: credential cache relies on the ability to extract the entire
Kerberos ticket including the session key from the Kerberos LSA.  In an
attempt to increase security Microsoft has begun to implement a feature
by which they no longer export the session keys for Ticket Getting Tickets.
This has the side effect of making them useless to the MIT krb5 library
when attempting to request additional service tickets.

This new feature has been seen in Windows 2003 Server, Windows 2000 Server SP4,
and Windows XP SP2 Beta.  We assume that it will be implemented in all future
Microsoft operating systems supporting the Kerberos SSPI.  Microsoft does work
closely with MIT and has provided a registry key to disable this new feature.

Can this be a factor for not being able to run the gss-server????
Where can I find this registry key to disable this new feature, as I am
using Windows 2003?

Thanks
Vikas

vgandhi at quark.co.in (Vikas Gandhi) wrote in message news:<3b5385f6.0404010558.5519af9 at posting.google.com>...
> Hi Jeffrey 
>   I made a new user mittest thru Administrator. Then I created a new
> krb5kt file.
>   ktpass -princ mittest/beetle.qdms.co.in -mapuser mittest -pass mittest -out krb5kt
>  I copied the file to %WINDIR% and the place where I was running the
> gss-server.exe and I am getting the same error.
> gss-server.exe -port 5555 -verbose test
> GSS-API error acquiring credentials: Miscellaneous failure
> GSS-API error acquiring credentials: No such file or directory
> 
> FYI: I have successfully run the SSPI samples and also run them against
> GSSAPI samples in unix. So I feel there is something which I am not
> able to understand.
> 
> Can you please guide me further?
> Regards
> Vikas
> 
> Jeffrey Altman <jaltman2 at nyc.rr.com> wrote in message news:<406BB45C.5060806 at nyc.rr.com>...
> > You need a keytab file for the gss-server.exe because the service
> > must know its key.  If it does not know its key, then it cannot
> > decode the service ticket presented to it by the gss client.
> > 
> > Jeffrey Altman
> > 
> > 
> > Vikas Gandhi wrote:
> > > Why do I need krb5kt for ???? It is nowhere.
> > > I understand that krb5kt is equivalent of keytab in unix.
> > > But I know that there is no use of kinit but as I do not know the real
> > > problem I was just trying my way to assess what is the answer to it.
> > > Next can I understand/debug more things than what I see...some debug
> > > option in samples.
> > > Jeffrey where actually I am faulting ????
> > > 
> > > Regards
> > > Vikas
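
An added example, not part of the original thread: since the service can only decode tickets with a key it finds in its keytab, this Python sketch parses the MIT keytab file format (version 0x0502) and lists the principal, key version number and encryption type of each entry, so the output of ktpass can be checked before starting gss-server. The realm EXAMPLE.COM, the all-zero key and the sample bytes are constructed; only the principal name comes from the thread.

```python
import struct

def _entry(rec):
    """Decode one keytab entry into (principal, kvno, enctype)."""
    off = 0
    def counted():                      # uint16 length followed by that many bytes
        nonlocal off
        (n,) = struct.unpack_from(">H", rec, off)
        s = rec[off + 2:off + 2 + n]
        if len(s) != n:
            raise ValueError("truncated keytab entry")
        off += 2 + n
        return s
    (ncomp,) = struct.unpack_from(">H", rec, off); off += 2
    realm = counted().decode()
    comps = [counted().decode() for _ in range(ncomp)]
    off += 8                            # skip name type and timestamp
    kvno = rec[off]; off += 1           # 8-bit key version number
    (enctype,) = struct.unpack_from(">H", rec, off); off += 2
    counted()                           # key bytes: read past them, never print them
    if len(rec) - off >= 4:             # optional 32-bit kvno overrides the 8-bit one
        (kvno,) = struct.unpack_from(">I", rec, off)
    return "/".join(comps) + "@" + realm, kvno, enctype

def parse_keytab(data):
    """List (principal, kvno, enctype) for every live entry in keytab bytes."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a format 0x0502 keytab")
    out, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos); pos += 4
        if size == 0:                   # zero length: end of entries
            break
        if size > 0:
            out.append(_entry(data[pos:pos + size]))
        pos += abs(size)                # negative length marks a deleted slot to skip
    return out

def sample_keytab():
    """Constructed keytab: one deleted slot, then one entry (realm and key are made up)."""
    cs = lambda b: struct.pack(">H", len(b)) + b
    rec = (struct.pack(">H", 2) + cs(b"EXAMPLE.COM") + cs(b"mittest")
           + cs(b"beetle.qdms.co.in") + struct.pack(">IIBH", 1, 0, 3, 23)
           + cs(bytes(16)) + struct.pack(">I", 3))
    return b"\x05\x02" + struct.pack(">i", -8) + bytes(8) + struct.pack(">i", len(rec)) + rec

if __name__ == "__main__":
    for principal, kvno, enctype in parse_keytab(sample_keytab()):
        print(principal, "kvno", kvno, "enctype", enctype)
```

To inspect a real file, pass its bytes to `parse_keytab`; an empty result or a principal that differs from the name the service acquires credentials for means the service has no usable key.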

