Problem with SPNEGO on Solaris 10 build 4

Douglas E. Engert deengert at anl.gov
Mon Jul 21 12:24:02 EDT 2008



Markus Moeller wrote:
> I tried to use my squid_kerb_auth on Solaris 10 and it fails. My configure 
> determines it supports SPNEGO but when I use it I get
> 
> 2008/07/20 16:11:37| squid_kerb_auth: gss_accept_sec_context() failed: No 
> credentials were supplied, or the credentials were unavailable or 
> inaccessible. No error
> BH gss_accept_sec_context() failed: No credentials were supplied, or the 
> credentials were unavailable or inaccessible. No error
> 2008/07/20 16:11:37| squid_kerb_auth: User not authenticated
> 
> To test it I did a kinit as a user and ran squid_kerb_auth_test which 
> creates a base64 encoded token.
> ./squid_kerb_auth_test testserver.solaris.home
> Token: YIICPAYGKwYBBQUCoIICMDCCAiygDTALBg......
> 
> I use then the token as input to squid_kerb_auth
> 
> ./squid_kerb_auth -i -d  <<!
>> YIICPAYGKwYBBQUCoIICMDCCAiygDTALBgkqh...
>> !
> 
> 2008/07/20 16:11:36| squid_kerb_auth: Starting version 1.0.1
> 2008/07/20 16:11:36| squid_kerb_auth: Got 'YR YIICPAYGKwYBBQUCoII.... from 
> squid (length: 771).
> 2008/07/20 16:11:37| squid_kerb_auth: gss_accept_sec_context() failed: No 
> credentials were supplied, or the credentials were unavailable or 
> inaccessible. No error
> BH gss_accept_sec_context() failed: No credentials were supplied, or the 
> credentials were unavailable or inaccessible. No error
> 2008/07/20 16:11:37| squid_kerb_auth: User not authenticated
> 
> 
> When I do the same on any other platform (including Opensolaris) it works 
> fine. Also when I configure squid_kerb_auth without -DHAVE_SPNEGO it works 
> fine e.g. I get:
> 
> 2008/07/20 16:11:07| squid_kerb_auth: Starting version 1.0.1
> 2008/07/20 16:11:07| squid_kerb_auth: Got 'YR YIICEQYJKoZIhvcSAQICAQB.... 
> from squid (length: 715).
> 2008/07/20 16:11:07| squid_kerb_auth: parseNegTokenInit failed with rc=102
> 2008/07/20 16:11:07| squid_kerb_auth: Token is possibly a GSSAPI token
> AF AA== markus at SOLARIS.HOME
> 2008/07/20 16:11:07| squid_kerb_auth: AF AA== markus at SOLARIS.HOME
> 2008/07/20 16:11:07| squid_kerb_auth: User markus at SOLARIS.HOME authenticated
> 
> 
> Is this a known problem with Solaris 10 or must I specify the right mechanism 
> ?
> 

I had some problems with mod_auth_kerb with SPNEGO on Solaris 10, but mostly
with storing delegate credentials.
http://opensolaris.org/jive/thread.jspa?threadID=59270&tstart=0

It might have to do with what maintenance level you are at.
Over the life of Solaris 10, Sun has made quite a few changes, including
adding the Kerberos header files.  ldd might also show something.

> 
> Thank you
> Markus
> 
> 
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
> 
> 

-- 

  Douglas E. Engert  <DEEngert at anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444
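
Added example, not part of the original messages and not squid_kerb_auth code: a GSS-API initial context token starts with tag 0x60 followed by the mechanism OID, so the truncated base64 prefixes in the quoted logs are enough to tell which mechanism each run was handed. The function names are illustrative; the two samples are the prefixes copied from the logs above.

```python
import base64

# Well-known GSS-API mechanism OIDs (RFC 4178 for SPNEGO, RFC 4121 for Kerberos 5).
MECHS = {
    "1.3.6.1.5.5.2": "SPNEGO",
    "1.2.840.113554.1.2.2": "Kerberos 5",
}

def decode_prefix(b64):
    """Decode a possibly truncated base64 string, as pasted from a log."""
    b64 = b64.strip().rstrip(".")
    b64 = b64[: len(b64) - len(b64) % 4]   # keep whole 4-char groups only
    return base64.b64decode(b64)

def oid_to_str(body):
    """Convert DER OID content bytes to dotted notation."""
    arcs = [body[0] // 40, body[0] % 40]
    val = 0
    for byte in body[1:]:
        val = (val << 7) | (byte & 0x7F)
        if not byte & 0x80:                # high bit clear ends this arc
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def token_mech(b64):
    """Return the mechanism named in a GSS-API initial context token."""
    raw = decode_prefix(b64)
    if len(raw) < 4 or raw[0] != 0x60:     # [APPLICATION 0] wrapper expected
        return "not a GSS-API initial token"
    pos = 2
    if raw[1] & 0x80:                      # long-form DER length
        pos += raw[1] & 0x7F
    if pos + 2 > len(raw) or raw[pos] != 0x06:
        return "no mechanism OID found"
    oid_len = raw[pos + 1]
    body = raw[pos + 2 : pos + 2 + oid_len]
    if oid_len == 0 or len(body) < oid_len:
        return "token prefix too short"
    oid = oid_to_str(body)
    return MECHS.get(oid, "unknown mechanism") + " (" + oid + ")"

# Truncated prefixes copied from the two log excerpts in the quoted message.
SAMPLES = ["YIICPAYGKwYBBQUCoIICMDCCAiygDTALBg......",
           "YIICEQYJKoZIhvcSAQICAQB...."]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s[:16], "->", token_mech(s))
```

The failing run's token carries the SPNEGO OID, while the token in the run built without -DHAVE_SPNEGO carries the Kerberos 5 OID directly.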


