Need help with ms2mit.exe

Jeffrey Altman jaltman2 at nyc.rr.com
Thu Jul 13 11:54:20 EDT 2006


"klist -e"

I bet the Kerberos implementation you are using in cygwin does not have
support for the enctypes used by Microsoft.  RC4-HMAC

Jeffrey Altman


Pat Connolly wrote:
> Jeff, Thanks, That worked. When I had tried the -c option I did not put
> the FILE: in front of the path.
> 
> I am now running into an other problem. If I open a cygwin xterm window
> and run kinit, I get the ticket. I am then able to ssh to any of the
> servers with out being asked for a password. But when I run ms2mit and
> then try to ssh, I am asked for a password. If I run klist I see a
> valid ticket. It looks the same as the ticket I get after running
> kinit. In the kdc.log on the kdc server, I get an error stating:
> "<unknown client> for host/FQDN at REALM, No mathcing key in entry" The
> other think that I have noticed when I do a klist is that after I do a
> kinit and then ssh, the server I went to is in my ticket cache. But
> after I run ms2mit and then ssh, the server is not added.
> 
> Thanks
> Pat
> 
> 
> Jeffrey Altman wrote:
>> Cygwin can only use file based ccaches.  You need to store the TGT
>> into a file ccache.
>>
>>   ms2mit.exe -c FILE:<pathname>
>>
>> Then you have to specify the default ccache name in your cygwin
>> environment.
>>
>> Jeffrey Altman
>>
>>
>> Pat Connolly wrote:
>>> Hello,
>>>
>>> I have installed kfw-3.0 on my XP workstation It authenticates against
>>> the KDC with no problems. Klist shows the ticket in the MSLSA cache.
>>>
>>> On my workstation, I also have cygwin installed with krb5 and kerberos
>>> enabled ssh. Once I run kinit, my ssh works fine.
>>>
>>> I am now trying to get the Windows tickets to be dumped to the krb5
>>> file cache using ms2mit so that I do not need to enter my password a
>>> second time. When I run ms2mit from the command line I get the prompt
>>> back with no errors but the krb5 cache is not populated. Any ideas
>>> where I went wrong?
>>>
>>> Thanks
>>> Pat
> 



More information about the Kerberos mailing list