kfw 2.6.5 vs. 3.2.1 leash/NIM
Paul Palacios
paul at c-group.com
Sat Sep 1 15:15:00 EDT 2007
Is NIM a replacement for leash, but either could be used? My upgrade
seemed to behave contrary to that premise.
We have client applications that were written to use gssapi. All works
fine (under nt4/xp/w2k/2003), but upgraded to 3.2.1. Under 2.6.5 if the
cache does not have a tgt, leash would prompt the user for user/pwd.
Under 3.2.1, it seems that leash does not prompt under the same
conditions. If the user explicitly selects 'get tickets' menu item in
leash, the user is prompted and GSS auth process continues and works fine.
When NIM is used instead of leash (under the same conditions), NIM does
prompt for usr/pwd, but the whole GSS authentication process appears
hung and does not complete.
But, if both leash and NIM are running (and no tgt in cache), then NIM
will prompt for usr/pwd, the tickets then become visible in both leash
and NIM, and the whole GSS authentication process continues just fine.
Are both actually needed?
Additional notes...
The above seems to be consistent, whether it is the very first time NIM
is ran (no previously saved identity), or subsequent launch. Also, on a
few of the tests where NIM prompted for usr/pwd, usr/pwd was entered,
tickets were obtained, but the dialog box (for usr/pwd) just grayed-out,
remained on screen and could not be closed. All the above testing was
under xp.
Any insight as to what may be going on and what should be expected would
be greatly appreciated. Thank you in advance.
-paul
More information about the Kerberos
mailing list