Problem with SPNEGO on Solaris 10 build 4
Douglas E. Engert
deengert at anl.gov
Mon Jul 21 12:24:02 EDT 2008
Markus Moeller wrote:
> I tried to use my squid_kerb_auth on Solaris 10 and fail. My configure
> determines it supports SPNEGO but when I use it I get
>
> 2008/07/20 16:11:37| squid_kerb_auth: gss_accept_sec_context() failed: No
> credentials were supplied, or the credentials were unavailable or
> inaccessible. No error
> BH gss_accept_sec_context() failed: No credentials were supplied, or the
> credentials were unavailable or inaccessible. No error
> 2008/07/20 16:11:37| squid_kerb_auth: User not authenticated
>
> To test it I did a kinit as a user and run squid_kerb_auth_test which
> creates a base64 encoded token.
> ./squid_kerb_auth_test testserver.solaris.home
> Token: YIICPAYGKwYBBQUCoIICMDCCAiygDTALBg......
>
> I use then the token as input to squid_kerb_auth
>
> ./squid_kerb_auth -i -d <<!
>> YIICPAYGKwYBBQUCoIICMDCCAiygDTALBgkqh...
>> !
>
> 2008/07/20 16:11:36| squid_kerb_auth: Starting version 1.0.1
> 2008/07/20 16:11:36| squid_kerb_auth: Got 'YR YIICPAYGKwYBBQUCoII.... from
> squid (length: 771).
> 2008/07/20 16:11:37| squid_kerb_auth: gss_accept_sec_context() failed: No
> credentials were supplied, or the credentials were unavailable or
> inaccessible. No error
> BH gss_accept_sec_context() failed: No credentials were supplied, or the
> credentials were unavailable or inaccessible. No error
> 2008/07/20 16:11:37| squid_kerb_auth: User not authenticated
>
>
> When I do the same on any other platform (including Opensolaris) it works
> fine. Also when I configure squid_kerb_auth without -DHAVE_SPNEGO it works
> fine e.g. I get:
>
> 2008/07/20 16:11:07| squid_kerb_auth: Starting version 1.0.1
> 2008/07/20 16:11:07| squid_kerb_auth: Got 'YR YIICEQYJKoZIhvcSAQICAQB....
> from squid (length: 715).
> 2008/07/20 16:11:07| squid_kerb_auth: parseNegTokenInit failed with rc=102
> 2008/07/20 16:11:07| squid_kerb_auth: Token is possibly a GSSAPI token
> AF AA== markus at SOLARIS.HOME
> 2008/07/20 16:11:07| squid_kerb_auth: AF AA== markus at SOLARIS.HOME
> 2008/07/20 16:11:07| squid_kerb_auth: User markus at SOLARIS.HOME authenticated
>
>
> Is this a know problem with Solaris 10 or must I specify the right mechanism
> ?
>
I had some problems with mod_auth_kerb with SPNEGO on Solaris 10, bit mostly
with storing delegate credentials.
http://opensolaris.org/jive/thread.jspa?threadID=59270&tstart=0
It might have to do with what maintenance level you are at.
Over the life of Solaris 10, Sun has made quite a few changes, including
adding the Kerberos header files. ldd might also show something.
>
> Thank you
> Markus
>
>
> ________________________________________________
> Kerberos mailing list Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
>
--
Douglas E. Engert <DEEngert at anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
More information about the Kerberos
mailing list