Interoperability between Linux KDC - Windows client
Priya Govindarajan
govindap at us.ibm.com
Mon Feb 11 21:40:22 EST 2008
Hi,
I have some questions on interoperability while kerberizing an application
to provide Single Sign On support. Currently the implementation uses GSSAPI
for Linux KDC/server in Linux/client in Linux and SSPI for Windows AD/
server on windows/client on windows.
I am trying the following interoperability case: Linux KDC, server
on Linux and client on Windows. MIT Leash is installed on the Windows machine
and I am able to get the TGT from the Linux KDC. The logon authentication
does not seem to happen through the Linux KDC. I followed the steps here -
http://technet.microsoft.com/en-us/library/bb742433.aspx
The application fails when the Windows client tries to initialize the context
(through SSPI calls) with a "no credentials found" message. I am noticing that
the LSA cache does not have the credential but the MIT cache does.
I see ms2mit in Leash to convert the LSA cache to the MIT cache. Is there a way to
authenticate the Windows client using the Linux KDC and populate the LSA cache for
the Windows InitializeSecurityContext SSPI calls to pass? Or should I be
calling gss_init_sec_context (which would read the KRB5CCNAME location) instead
of the Windows SSPI calls?
Thanks,
Priya