Problem with SPNEGO on Solaris 10 build 4

Markus Moeller huaraz at moeller.plus.com
Sun Jul 20 11:33:53 EDT 2008 

 I tried to use my squid_kerb_auth on Solaris 10 and fail. My configure 
determines it supports SPNEGO but when I use it I get

2008/07/20 16:11:37| squid_kerb_auth: gss_accept_sec_context() failed: No 
credentials were supplied, or the credentials were unavailable or 
inaccessible. No error
BH gss_accept_sec_context() failed: No credentials were supplied, or the 
credentials were unavailable or inaccessible. No error
2008/07/20 16:11:37| squid_kerb_auth: User not authenticated

To test it I did a kinit as a user and run squid_kerb_auth_test which 
creates a base64 encoded token.
./squid_kerb_auth_test testserver.solaris.home
Token: YIICPAYGKwYBBQUCoIICMDCCAiygDTALBg......

I use then the token as input to squid_kerb_auth

./squid_kerb_auth -i -d  <<!
> YIICPAYGKwYBBQUCoIICMDCCAiygDTALBgkqh...
>!

2008/07/20 16:11:36| squid_kerb_auth: Starting version 1.0.1
2008/07/20 16:11:36| squid_kerb_auth: Got 'YR YIICPAYGKwYBBQUCoII.... from 
squid (length: 771).
2008/07/20 16:11:37| squid_kerb_auth: gss_accept_sec_context() failed: No 
credentials were supplied, or the credentials were unavailable or 
inaccessible. No error
BH gss_accept_sec_context() failed: No credentials were supplied, or the 
credentials were unavailable or inaccessible. No error
2008/07/20 16:11:37| squid_kerb_auth: User not authenticated


When I do the same on any other platform (including Opensolaris) it works 
fine. Also when I configure squid_kerb_auth without -DHAVE_SPNEGO it works 
fine e.g. I get:

2008/07/20 16:11:07| squid_kerb_auth: Starting version 1.0.1
2008/07/20 16:11:07| squid_kerb_auth: Got 'YR YIICEQYJKoZIhvcSAQICAQB.... 
from squid (length: 715).
2008/07/20 16:11:07| squid_kerb_auth: parseNegTokenInit failed with rc=102
2008/07/20 16:11:07| squid_kerb_auth: Token is possibly a GSSAPI token
AF AA== markus at SOLARIS.HOME
2008/07/20 16:11:07| squid_kerb_auth: AF AA== markus at SOLARIS.HOME
2008/07/20 16:11:07| squid_kerb_auth: User markus at SOLARIS.HOME authenticated


Is this a know problem with Solaris 10 or must I specify the right mechanism 
?


Thank you
Markus

More information about the Kerberos mailing list