Problem in running gss.exe of kfw 2.6 using MSLSA cache and using Active Directory as kdc
Vikas Gandhi
vgandhi at quark.co.in
Mon Apr 5 02:40:54 EDT 2004
C:\>klist tgt
Cached TGT:
ServiceName: krbtgt
TargetName: krbtgt
FullServiceName: mittest
DomainName: QDMS.CO.IN
TargetDomainName: QDMS.CO.IN
AltTargetDomainName: QDMS.CO.IN
TicketFlags: 0x40e00000
KeyExpirationTime: 1/1/1601 5:30:00
StartTime: 4/5/2004 9:28:09
EndTime: 4/5/2004 19:28:09
RenewUntil: 4/12/2004 9:28:09
TimeSkew: 1/1/1601 5:30:00
C:\>C:\OSBA\kfw-2.6-final\src\target\bin\i386\dbg\klist.exe -c MSLSA:
klist.exe: No credentials cache found while resolving ccache MSLSA:
I tried this by running the samples from Administrator but the same
results.
Jeffrey, U r very right when u say that If I don't have credentials
then I can't use gss. But why I am not able to pick up my credentials
FYI: I am giving a small check list of registry and env variables.
#1
C:\>echo %KRB5CCNAME%
MSLSA:
C:\ >echo %KRB5_KTNAME%
.\\krb5kt
#2
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters
AllowTGTSessionKey = 0x01 (DWORD)
#3 krb5.ini located in c:\windows says
[domain_realm]
.QDMS.CO.IN = QDMS.CO.IN
QDMS.CO.IN = QDMS.CO.IN
[libdefaults]
dns_lookup_kdc = true
default_realm = QDMS.CO.IN
default_keytab_name = .\\krb5kt
default_tgs_enctypes = DES-CBC-CRC
default_tkt_enctypes = DES-CBC-CRC
ticket_lifetime = 600
[realms]
QDMS.CO.IN = {
admin_server = beetle
kdc = beetle.qdms.co.in:88
}
Is there anything missing in the checklist ???
Regards
Vikas
Jeffrey Altman <jaltman2 at nyc.rr.com> wrote in message news:<4070529D.3010301 at nyc.rr.com>...
> Vikas Gandhi wrote:
>
> > Now I reversed the entry
> > HKLM\Software\MIT\Kerberos5\
> > PreserveInitialTicketIdentity = 0x0 (DWORD)
> > HKCU\Software\MIT\Kerberos5\
> > PreserveInitialTicketIdentity = 0x0 (DWORD)
> > and introduced new entry
> > HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters
> > AllowTGTSessionKey = 0x01 (DWORD)
> > Still the resulta are the sane
> >
> > Regards
> > Vikas
>
> What does "klist.exe -C" report?
More information about the Kerberos
mailing list