SSPI/GSS-API : mech_dh: Invalid or unknown error
Wyllys Ingersoll
wyllys.ingersoll at sun.com
Fri Apr 8 08:25:05 EDT 2005
mech_dh is the Diffie-Hellman mechanism in Solaris.
On older systems, this is the default mech that gets
used if the caller does not specify the Kerberos OID when
making the init/accept calls.
To make the system default to using the Kerberos mech,
adjust the lines in /etc/gss/mech file so that kerberos_v5
mechanism appears before the mech_dh mechanisms.
-Wyllys
Jacques Lebastard wrote:
> Hi folks,
>
> I wrote a SSPI Client / GSS-API Server application that works fine in
> a tree of ActiveDirectory domains / Solaris realm environment where
> the KDC are the AD domain controlers.
>
> Server application is located in mytree.dom and users in
> child.mytree.dom.
>
> However, I sometimes get an error for some users. These users can
> establish a context from W2K workstations but cannot from WinXP
> workstations (both workstations are located in child.mytree.dom).
>
> The Solaris GSS-API server shows the following error message for
> connections established on WinXP ws:
>
> MAJOR(gss_accept_sec_context) : Unspecified GSS failure. Minor code
> may provide more information MINOR(gss_accept_sec_context) : mech_dh:
> Invalid or unknown error
>
>
> What does 'mech_dh' mean ? Diffie-Hellman mechanism ???
>
> What differences between Kerberos SSP W2K SP4 and WinXP SP 1 ?
>
>
> Thanks for any hint, -- Jacques
>
> ________________________________________________ Kerberos mailing
> list Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
More information about the Kerberos
mailing list