gss_init_sec_context() failed: : Ccache function not supported:

peter huang peter.huang at hp.com
Wed Apr 13 13:10:36 EDT 2005


thanks so much for you help.   I got rid of the ccache error from 
gss_init_sec_context.   I'll write up the request for getting MSLSA open up 
more.  However,  I don't know how much visibility I can get with the request 
since MS has it's own priority and procedures espeically when it comes to 
enhancment request.

-peter

"Jeffrey Altman" <jaltman2 at nyc.rr.com> wrote in message 
news:2Ea7e.15847$mp6.458792 at twister.nyc.rr.com...
> peter huang wrote:
>
>> I'm glad more was asked about this subject, I gained more understanding 
>> of
>> how this should work.  In this case, the gss_init_sec_context failed 
>> trying
>> to get a cross-realm tgt using MSLSA ccache but has no problem if I used
>> API:krb5cc ccache.  the realm info is more explict in krb5.ini but I did 
>> not
>> use ksetup to identify additonal realms (I did add the trust relationship
>> with AD DC).
>> -peter huang
>
> If you want to be able to use MSLSA, then you must configure the realms
> using KSETUP.EXE.
>
> When you are using the MSLSA, you are essentially asking to obtain
> tickets using the Microsoft Kerberos implementation not the MIT Kerberos
> implementation.  If a ticket cannot be obtained via the Microsoft
> Kerberos implementation (due to mis-configuration), the MIT Kerberos
> libraries will obtain the ticket but will not be able to write it back
> to the LSA cache.
>
> If you would like to have this functionality, please contact Microsoft
> and make a request that they provide it.  The MIT Kerberos team and
> several other parties have also made such as request.  Perhaps as one
> of Microsoft's largest OEMs, HP will have the influence to convince them
> to open the LSA cache so that third party libraries such as MIT KFW can
> store tickets.
>
> If you choose to file such a request, be sure to explain to them why the
> Microsoft Kerberos implementation cannot obtain tickets in your
> cross-realm environment.
>
> Jeffrey Altman
>
>
> -- 
> -----------------
> This e-mail account is not read on a regular basis.
> Please send private responses to jaltman at mit dot edu 




More information about the Kerberos mailing list