Problem with mit2ms - Tickets are not transfered to LSA cache
Christoph Fritz
christoph.fritz at gmail.com
Tue Nov 3 02:34:04 EST 2009
Hi,
I'm currently facing a problem when implementing a kerberos based SSO
solution with SAP on Linux and an Active Directory. Usually this works fine
for ABAP and JAVA but in the current environment I have a different
situation.
On the client machine I need the kerberos credentials (TGT) to be stored in
the Windows LSA cache. Usually this happens automatically when logging on to
a Microsoft Domain. Unfortunately I cannot logon from the workstations to my
domain using the windows-logon because I'm using Novell. Besides my Novell
eDirectory there is an Active directory domain.
So I tried the following (maybe a stupid idea):
After windows has logged on to Novell --> start MIT Kerberos Client and
obtain credentials from the Domain controller. After that I get the
following tickets in my local cache:
C:\Programme\MIT\Kerberos\bin>klist
Ticket cache: API:CFRITZ at CFRITZ.TEST
Default principal: CFRITZ at CFRITZ.TEST
Valid starting Expires Service principal
11/02/09 16:22:50 11/03/09 02:22:50 krbtgt/CFRITZ.CORP at CFRITZ.TEST
renew until 11/09/09 16:21:35
Now I have tried to to copy these credential to windows LSA cache using
mit2ms:
C:\Programme\MIT\Kerberos\bin>mit2ms.exe
mit2ms.exe: No credentials cache found while opening MS LSA ccache
Unfortunately kerbtray does not show me any ticket in the LSY cache. Which
parameters do I need for the mit2ms executable or is my idea not working at
all? How can I transfer the tickets from the MIT Client cache to the LSA
cache of Windows?
Thanks in advance
Christoph
More information about the Kerberos
mailing list