BC-SNC, MIT Kerberos V, SSO, GSS-API v2

Calin Barbat c.barbat at osram.de
Wed Sep 8 04:36:34 EDT 2004


Norbert, you were right. I just tried to play around (locally) with the 
sserver/sclient from krb5-1.3.4/src/appl/sample and I got the following 

    In /var/log/messages something like:
        sserver: recvauth failed--Software caused connection abort

    And from sclient:
        ./sclient: Ticket expired while using sendauth

I used following commands:

    ./sserver -p 8888 -s host/<myhost>.<mydomain2>.<mydomain1>.de -S 


    ./sclient <myhost>.<mydomain2>.<mydomain1>.de 8888 

Any idea about the cause of this behaviour?


Norbert Klasen wrote:

> some hints you might want to try:
> - use MIT Kerberos 1.3.x. It implements the native Windows enctype
> arcfour-hmac-md5 and supports TCP to connect to the KDC. (unlikely)
> - test if you can successfully establish a GSSAPI connection between your
> Windows workstation and your Unix server with gss-client and gss-server
> (Windows versions are included in the KfW package).
> Norbert

More information about the Kerberos mailing list