Kerberos5 with sap and linux

T_Kast@gebr-heinemann.de T_Kast at gebr-heinemann.de
Tue Jun 19 08:52:15 EDT 2007


Dear kerberos experts,
i followed a description from c.barbat i found at mit kerberos list to 
validate kerberos.
my environment is:

RH REL Red Hat 3.4.6-2 64-bit with 
Kerberos krb5-libs-1.3.4-27 (Standard from RH)
SAP WEB AS Version 6.40

what i did.

* i generated the snckrb5.so as described
* i got a keytab file from the windows guys 
* i compiled the gsstest utility from sap sdn
* i did a kinit for the sap<sid> User
* before i start with sap stuff i tried gsstst wich allready fails
with following errors:
  "SAPService/gh.de at GH.DE"
  Nametype oid = {1 2 840 113554 1 2 2 1}         NT= 
GSS_KRB5_NT_PRINCIPAL_NAME

TEST: Examining the exported name framing
  Framing details for exported name (Section 3.2, GSS-API v2 spec):
    TOK_ID            :   00000: 04 01
    MECH_OID_LEN = 11 :   00002: 00 0b
        OID tag       :   00004: 06
        OID len =   9 :   00005: 09
        OID elements  :   00006: 2a 86 48 86 f7 12 01 02  02
          = {1 2 840 113554 1 2 2}         MECH= Kerberos 5 (v2 - rfc1964)
    NAME_LEN   =   22 :   0000f: 00 00 00 16
    NAME              :   00013: 53 41 50 53 65 72 76 69   SAPServi
                          0001b: 63 65 2f 67 68 2e 64 65   ce/gh.de
                          00023: 40 47 48 2e 44 45         @GH.DE
Status:  gss_release_name() == 
(GSS_S_CALL_INACCESSIBLE_READ|GSS_S_BAD_NAME)
         gss_display_status(0x01020000,GSS_S_GSS_CODE) =
           "A required input parameter could not be read"
           "An invalid name was supplied"
names.c(251): ERROR: (gss_name_t)out_name   was not zeroed by 
gss_release_name()!
RESULT  NOT ok (rc=2)

Can anyone provide my a snckrb5.so file for my platform, or better give me 
some hints what went wrong ?


thanks
Thomas


-------


Gebr. Heinemann Kommanditgesellschaft - Hamburg - Registergericht Hamburg - HR A 15017


More information about the Kerberos mailing list