Kerberos SNC Shim and OSX Yosemite

Jeffery Dowell jeffery.dowell at duke.edu
Wed Jul 1 15:43:56 EDT 2015


Hello Everyone,

I have a question for the community regarding the Kerberos SNC shim. I am currently trying to get authentication to SAP through Kerberos working on OSX 10.10 (Yosemite). In Yosemite, Apple has removed support for DES, which means that I can't get a Kerberos ticket from Kerberos systems still using DES. As workaround, I am using a heimdal implementation to request a ticket and have it appear in the Mac ticket viewer. However, when I open SAP I get the error:
GSS-API(min):Encryption type des-cbc-md4-deprecated not supported
I am using the Shim SNC adapter from Ben on GitHub to fix the 32/64 bit java issue that was found a while back. It appears that SAP interfaces with this adapter but that the adapter doesn't see my ticket. The ticket does appear in the OSX ticket viewer and seems usable to the rest of the system.

Should I insert my heimdal ticket in a different manner?
Is there a heimdal equivalent for the MIT shim?
Perhaps there is an all MIT Kerberos option for sidestepping the Apple implementation?

Many thanks for any insights.

Jeffery


More information about the Kerberos mailing list