Problem with mit2ms - Tickets are not transferred to LSA cache

Christoph Fritz christoph.fritz at gmail.com
Tue Nov 3 02:34:04 EST 2009


Hi,

I'm currently facing a problem when implementing a Kerberos-based SSO
solution with SAP on Linux and an Active Directory. Usually this works fine
for ABAP and JAVA but in the current environment I have a different
situation.
On the client machine I need the Kerberos credentials (TGT) to be stored in
the Windows LSA cache. Usually this happens automatically when logging on to
a Microsoft Domain. Unfortunately I cannot log on from the workstations to my
domain using the Windows logon because I'm using Novell. Besides my Novell
eDirectory there is an Active Directory domain.

So I tried the following (maybe a stupid idea):
After Windows has logged on to Novell --> start MIT Kerberos Client and
obtain credentials from the Domain controller. After that I get the
following tickets in my local cache:

C:\Programme\MIT\Kerberos\bin>klist
Ticket cache: API:CFRITZ at CFRITZ.TEST
Default principal: CFRITZ at CFRITZ.TEST

Valid starting     Expires            Service principal
11/02/09 16:22:50  11/03/09 02:22:50  krbtgt/CFRITZ.CORP at CFRITZ.TEST
        renew until 11/09/09 16:21:35

Now I have tried to copy these credentials to the Windows LSA cache using
mit2ms:

C:\Programme\MIT\Kerberos\bin>mit2ms.exe
mit2ms.exe: No credentials cache found while opening MS LSA ccache

Unfortunately kerbtray does not show me any ticket in the LSA cache. Which
parameters do I need for the mit2ms executable or is my idea not working at
all? How can I transfer the tickets from the MIT Client cache to the LSA
cache of Windows?

Thanks in advance
Christoph


