help: Host Authentication Failed

Zhenlong Hou zhou at rocketsoftware.com
Mon May 22 03:54:40 EDT 2023


Hello everyone

I want to use Windows client/server + MIT Kerberos & OpenLDAP to implement SSO authentication.
On the application server side, I use LsaLogonUser() to ask for a Network style logon through the S4U Kerb extension.
But LsaLogonUser() failed.
According to the KDC server's log, there is an error "LOOKING_UP_SERVER: authtime 0, host/sample.com at SAMPLE.COM for host\/sample.com at SAMPLE.COM, Server not found in Kerberos database" in the TGS_REQ.
According to the application server's log, the sname-string is 1 item and the SNameString is host/sample.com in the req-body of the tgs-req.
I think the sname-string should be 2 items, and the SNameStrings should be host and sample.com.

My question is: is it that S4U in Windows can't implement SSO authentication with MIT Kerberos & OpenLDAP?
Or am I mistaken about some configuration on the Windows side or on the MIT Kerberos & OpenLDAP side?

Thanks in advance
Chris
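
Added example, not part of the original post: a small Python model of the textual principal form MIT krb5 uses, in which a backslash escapes a '/' that lies inside a name component. It shows that the logged `host\/sample.com` is a one-component name while `host/sample.com` is two components; the function names are hypothetical, and the "@" in the sample strings is assumed where the list archive shows " at ".

```python
# Added example: models how MIT krb5 prints a principal name. Only the
# backslash escapes for '/', '@' and '\' are modelled here.

def unparse_principal(components, realm):
    """Render name-string components plus realm in MIT krb5 text form."""
    def esc(s):
        return "".join("\\" + ch if ch in "/@\\" else ch for ch in s)
    return "/".join(esc(c) for c in components) + "@" + esc(realm)

def parse_principal(text):
    """Inverse of unparse_principal: return (components, realm or None)."""
    parts, cur, in_realm, i = [], [], False, 0
    while i < len(text):
        ch = text[i]
        if ch == "\\" and i + 1 < len(text):
            cur.append(text[i + 1])      # escaped char is literal data
            i += 2
            continue
        if not in_realm and ch in "/@":
            parts.append("".join(cur))   # unescaped separator ends a component
            cur = []
            in_realm = (ch == "@")
        else:
            cur.append(ch)
        i += 1
    if in_realm:
        return parts, "".join(cur)
    parts.append("".join(cur))
    return parts, None

# Constructed inputs based on the KDC log line in the post, with "@" restored
# where the list archive shows " at " (assumption).
LOGGED_CLIENT = "host/sample.com@SAMPLE.COM"
LOGGED_SERVER = "host\\/sample.com@SAMPLE.COM"

def component_counts():
    """Number of name-string components in the logged client and server."""
    return (len(parse_principal(LOGGED_CLIENT)[0]),
            len(parse_principal(LOGGED_SERVER)[0]))

if __name__ == "__main__":
    print(component_counts())
    print(unparse_principal(["host/sample.com"], "SAMPLE.COM"))
    print(unparse_principal(["host", "sample.com"], "SAMPLE.COM"))
```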
