unable to authenticate using active directory/mit kfw 2.5 and

Jeffrey Altman jaltman2 at nyc.rr.com
Sat Mar 13 10:43:22 EST 2004


> Question3: For the scenario described above I have chosen SASL
> implementation using netscape sdk. I have tried this in Solaris and
> have succeeded. I tested with SEAM/Directory Server 5.2 and AD
> implemented using Luke Padl samples implementations for
> authentications and found that it was successful (attached
> libgssldap.c).
> 
>  I then ported this to windows using kfw2.5 and failed to run the
> samples
> 
> May Be (MS uses SSPI to fetch Microsoft credentials from the LSA
> (Windows version of credentials cache) while and then kfw 2.5 uses
> GSSAPI and has its own credential caches)

There are indeed different credentials caches.  With KFW 2.5 you
must copy the MS credentials from the LSA to CCAPI with the MS2MIT.EXE
utility.

In KFW 2.6 (currently in beta), you can simply set the environment
variable

	KRB5CCNAME = MSLSA:

before starting your application and the credentials from the MS LSA
cache will automatically and transparently be used.

Jeffrey Altman
KFW Maintainer


More information about the Kerberos mailing list