old segfault

Andreas ahasenack at terra.com.br
Wed Dec 14 06:46:31 EST 2005 

Reference:
http://diswww.mit.edu/menelaus.mit.edu/kerberos/24144

----- Forwarded message from Nathan Herring <nathanh at microsoft.com> -----

Subject: RE: [Ipsec-tools-devel] IPSec with Racoon and Kerberos working !!!! still
	have some questions.
From: Nathan Herring <nathanh at microsoft.com>
To: sandy s <sandypossible at gmail.com>,
	ipsec-tools-devel at lists.sourceforge.net
Date: Tue, 13 Dec 2005 03:37:29 -0800
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.0.0

Also, this should get followed up on the MIT Kerberos list so that they
can fix the problems with GSS_C_NO_OID (that should work; you shouldn't
have to replace it).
 
-nh

________________________________

From: ipsec-tools-devel-admin at lists.sourceforge.net
[mailto:ipsec-tools-devel-admin at lists.sourceforge.net] On Behalf Of
sandy s
Sent: Tuesday, December 13, 2005 1:16 AM
To: ipsec-tools-devel at lists.sourceforge.net
Subject: [Ipsec-tools-devel] IPSec with Racoon and Kerberos working !!!!
still have some questions.


Hi,

I was able to do an IPsec connection with kerberos as auth method.
Define  GSS_KRB5_NT_PRINCIPAL_NAME  as kerberos OID, replace all the
GSS_C_NO_OID in gss_canonicalize_name() to GSS_KRB5_NT_PRINCIPAL_NAME.
Get TGT for both client and server. Issue a ping. This will use kerberos
as auth method.

I have a query, If I dont have the TGT on the other side, I get errors.
Is TGT required on the other side ?  

The error messages I get are:

2005-12-13 13:01:21: DEBUG: succeed.
2005-12-13 13:01:21: ERROR: acquire cred
2005-12-13 13:01:21: ERROR: No credentials cache found
2005-12-13 13:01:21: DEBUG: ===
2005-12-13 13:01:21: DEBUG: compute DH's private.
2005-12-13 13:01:21: DEBUG:
5cfa5919 4c37c637 fe2777c7 7b9569d4 a141f529 16512d91 9321bca8 c37b4577
d8c2d531 bc1cdaf7 18ace949 c7886a06 24aa3d72 efdc2aca 748bcc57 26c035b2
3a00e01e 978c98c9 6f3aa9ef b561956a cef5aa6e b7835bee f78d3bc4 faf637ba
e1f65716 ba943df7 e0dc2e12 c19ab4fa 225877ba 4e963694 a5f57fbb eda8d0b7
2005-12-13 13:01:21: DEBUG: compute DH's public.
2005-12-13 13:01:21: DEBUG:
ef291f89 a67f6871 2c782cff 9ebd19fe 6fffc0eb 2f2cc51f 30dea103 9c0633a1
3cf425a5 1af1d433 3319bc5e 4792ccbe a261c4e3 0646b789 1cd46c05 1d32b3f0
6a5fe50a f986faae 7c5e800b f4bb2826 54900cb9 da389f77 dfe71c42 dd717169
007420be 52e6e562 575e3809 45dcded4 3bb61378 8891a60f 7c6610f0 f5289315
2005-12-13 13:01:21: ERROR: acquire cred
2005-12-13 13:01:21: ERROR: No credentials cache found
2005-12-13 13:01:21: ERROR: gssapi not yet initialized?



----- End forwarded message -----

More information about the Kerberos mailing list