gss_init_sec_context() failed: : Ccache function not supported:
peter huang
peter.huang at hp.com
Wed Apr 13 13:10:36 EDT 2005
thanks so much for you help. I got rid of the ccache error from
gss_init_sec_context. I'll write up the request for getting MSLSA open up
more. However, I don't know how much visibility I can get with the request
since MS has it's own priority and procedures espeically when it comes to
enhancment request.
-peter
"Jeffrey Altman" <jaltman2 at nyc.rr.com> wrote in message
news:2Ea7e.15847$mp6.458792 at twister.nyc.rr.com...
> peter huang wrote:
>
>> I'm glad more was asked about this subject, I gained more understanding
>> of
>> how this should work. In this case, the gss_init_sec_context failed
>> trying
>> to get a cross-realm tgt using MSLSA ccache but has no problem if I used
>> API:krb5cc ccache. the realm info is more explict in krb5.ini but I did
>> not
>> use ksetup to identify additonal realms (I did add the trust relationship
>> with AD DC).
>> -peter huang
>
> If you want to be able to use MSLSA, then you must configure the realms
> using KSETUP.EXE.
>
> When you are using the MSLSA, you are essentially asking to obtain
> tickets using the Microsoft Kerberos implementation not the MIT Kerberos
> implementation. If a ticket cannot be obtained via the Microsoft
> Kerberos implementation (due to mis-configuration), the MIT Kerberos
> libraries will obtain the ticket but will not be able to write it back
> to the LSA cache.
>
> If you would like to have this functionality, please contact Microsoft
> and make a request that they provide it. The MIT Kerberos team and
> several other parties have also made such as request. Perhaps as one
> of Microsoft's largest OEMs, HP will have the influence to convince them
> to open the LSA cache so that third party libraries such as MIT KFW can
> store tickets.
>
> If you choose to file such a request, be sure to explain to them why the
> Microsoft Kerberos implementation cannot obtain tickets in your
> cross-realm environment.
>
> Jeffrey Altman
>
>
> --
> -----------------
> This e-mail account is not read on a regular basis.
> Please send private responses to jaltman at mit dot edu
More information about the Kerberos
mailing list