How can I get the GSS samples from KfW 3.2.2 to work on my Windows XP SP3 computer ?

Guilbert STABILO guilbert.stabilo at yahoo.fr
Tue Mar 30 08:20:04 EDT 2010 

Here is exactly what I did:


1/ I successfully built KfW 3.2.2 on my Windows XP SP3 platform


2/ I ran "leash32.exe" from the build then chose "Options" =>
"Kerberos v5 Properties..." => "File Location"

 + set "Ticket File field" to "C:\WINNT\krb5kt"

 + set "Configuration File" to our working company "C:\WINNT
\krb5.ini" (this file is used for accessing our company's KDC which is
known to work).


3/ Then I chose "Action" => "Import Ticket(s)/Token(s)" from my
computer and I could see my "krb5kt" file created in "C:\WINNT
\krb5kt".

I do not exactly know neither what happened when I did the "Import
Ticket(s)/Token(s)" operation nor where the tickets come from.
I suppose the Kerberos protocol has a low-level integration so Windows
store the ticket in its MSLSA cache and they are copied from there to
my "krb5kt" thanks to the leash32 import.

* If you could confirm this, you would be welcome !


4/ If I "klist", I can read the ticket file and see that I got a "host/
blowfish.acme.net at ACME.NET" service ticket (my computer is named
"blowfish").
I suppose that the "host/blowfish.acme.net at ACME.NET" is automatically
retrieved from our KDC so it can be used to expose local Windows
services using Kerberos.

* Could you also confirm that ?

BLOWFISH:jsmith:
C:\Documents and Settings\jsmith>
:klist
Ticket cache: FILE:C:\WINNT\krb5kt
Default principal: jsmith at ACME.NET

Valid starting     Expires            Service principal
03/30/10 13:57:03  03/30/10 23:36:06  krbtgt/ACME.NET at ACME.NET
        renew until 04/06/10 13:36:06
03/30/10 13:36:06  03/30/10 23:36:06  krbtgt/ACME.NET at ACME.NET
        renew until 04/06/10 13:36:06
03/30/10 13:36:06  03/30/10 23:36:06  host/blowfish.acme.net at ACME.NET
        renew until 04/06/10 13:36:06


5/ I decided to start the "gss-server" sample using this service
ticket.

BLOWFISH:jsmith:
C:\Documents and Settings\jsmith>
:gss-server host/blowfish.acme.net at ACME.NET
GSS-API error acquiring credentials: Unspecified GSS failure.  Minor
code may provide more information
GSS-API error acquiring credentials: Unsupported key table format
version number

* Please tell me how this error can occur since I used all the tools
provided in the same package version ? (there should be any
incompatibility).


Running "gss.exe" GUI packaged in the KfW 3.2.2 install produce a
failure result displaying a "gss failed" popup.

I also uninstalled my build and installed the KfW 3.2.2 runtime
package from the MIT site but GSS samples did not work better.


* Any help would be greatly appreciated. I did not find a lot of docs
about running GSS samples under Windows. I am asked to develop a C++
program authenticating on Kerberos using the GSSAPI. Please tell me or
give an URL or the right parameters for making GSS work.

More information about the Kerberos mailing list