SSPI/GSS-API : mech_dh: Invalid or unknown error
Wyllys Ingersoll
wyllys.ingersoll at sun.com
Thu Apr 14 10:29:14 EDT 2005
Jacques Lebastard wrote:
> The Kerberos OID is specified when invoking gss_acquire_cred
> within=20 GSS-API server.
OK, but is the gss server able to actually acquire these creds? Usually,
the server gets its credentials from a keytab file (/etc/krb5/krb5.keytab
on Solaris 9).
>
> > To make the system default to using the Kerberos mech, adjust the
> > lines in /etc/gss/mech file so that kerberos_v5 mechanism appears
> > before the mech_dh mechanisms.
>
>
> Changing the entries in the mech file and restarting the GSS-API
> server=20 did not solve the problem. Would a server reboot make any
> difference ?
No, rebooting Solaris will probably not help.
What is the gssapi client requesting in it's initial token?
You might try analyzing the token that the gss-server is receiving
to make sure it is getting an initial token that requests the Kerberos
OID.
-Wyllys
More information about the Kerberos
mailing list