BC-SNC, MIT Kerberos V, SSO, GSS-API v2
Calin Barbat
c.barbat at osram.de
Tue Sep 7 09:42:16 EDT 2004
Norbert Klasen wrote:
> some hints you might want to try:
> - use MIT Kerberos 1.3.x. It implements the native Windows enctype
> arcfour-hmac-md5 and supports TCP to connect to the KDC. (unlikely)
> - test if you can successfully establish a GSSAPI connection between your
> Windows workstation and your Unix server with gss-client and gss-server
> (Windows versions are included in the KfW package).
>
I tried available Kerberos releases 1.1.1, 1.2.x, 1.3.x and my findings
are as follows:
- older versions than 1.2.8 issue a relocation error in the shared
library.
- newer versions than 1.2.8 lead to a segmentation fault in the
gsstest program.
Therefore I used 1.2.8.
I used Kermit 95 in order to do an ftp from a win2k client to the linux
machine and telnet is also working, but only ftp is making use of the
GSS-API. I think this is replacing the gss-server, gss-client test.
Calin Barbat.
More information about the Kerberos
mailing list