problem:Hi i want to test Keberos Interoperatability with windows and linux

Eswar S eswars at huawei.com
Tue Jan 23 22:13:44 EST 2007 

Hi all,

I have the KDC in windows 2003 server.kerberos client I am running at linux
machine. I have added on user in my AD as gssserver . same gssserver account
I am able to login from linux machine. I am getting TGT.But I am not able to
run gss-server sample application.

./gss-server test/linux.gxboss.com at GXBOSS.COM

 

GSS-API error acquiring credentials: Unspecified GSS failure.  Minor code
may provide more information

GSS-API error acquiring credentials: No such file or directory

 

I wanted an environment like sspiclient (gssclient) in windows should
mutually authenticate linux gssserver using same windows KDC.

 

Can please help me

 

C:\Program Files\Resource Kit>SETSPN -A test/linux gssserver

Registering ServicePrincipalNames for CN=gssserver,CN=Users,DC=gxboss,DC=com

        test/linux

Updated object

C:\Program Files\Resource Kit>Setspn.exe -L gssserver

Registered ServicePrincipalNames for CN=gssserver,CN=Users,DC=gxboss,DC=com:

    test/linux

    sample/linux.gxboss.com

    host/linux.gxboss.com

    host/linux

    gssserver/gssserver

C:\ktpass>ktpass -out test.keytab -princ test/linux.gxboss.com at GXBOSS.COM
-pass infoseclab  -crypto DES-CBC-CRC -ptype KRB5_NT_PRINCIPAL -kvno 9

Key created.

Output keytab to test.keytab:

Keytab version: 0x502

keysize 59 test/linux.gxboss.com at GXBOSS.COM ptype 1 (KRB5_NT_PRINCIPAL) vno
9 et

ype 0x1 (DES-CBC-CRC) keylength 8 (0xc4da9d4591a21c76)

 

I transferred this key tab file to Linux machine and merged with
/etc/krb5.keytab using ktutil

I am not able to execute gss-server.......... please give a solution , I am
struggling for this problem from so long time.

 

Thank you

Eswar S

****************************************************************************
****************************

 This e-mail and attachments contain confidential information from HUAWEI,
which is intended only for the person or entity whose address is listed
above. Any use of the information contained herein in any way (including,
but not limited to, total or partial disclosure, reproduction, or
dissemination) by persons other than the intended recipient's) is
prohibited. If you receive this e-mail in error, please notify the sender by
phone or email immediately and delete it!

More information about the Kerberos mailing list