MIT Krb5 does not work on WinXP SP2 was Re: KfW 2.6 vs Windows 2003 Server: question to the community
Jeffrey Altman
jaltman at columbia.edu
Tue Jan 20 17:23:07 EST 2004
I can verify the behavior. Windows will not output the session key
without or without the registry key set.
the reason that krb5_get_credentials() fails is because the session key
is NULL and the client cannot access
the data necessary to request a service ticket from the KDC.
What your krb524 code will need to do in this case is use KfW 2.6 and
set the ccache to "MSLSA:". Then
the ticket request will be performed by the Kerberos LSA and not by the
MIT libraries.
- Jeffrey Altman
diskin wrote:
> --On Tuesday, January 20, 2004 3:23 PM -0500 Jeffrey Altman
> <jaltman at columbia.edu> wrote:
>
>> Let me go test this again. However, when I tested KfW last week I did
>> not see any negative side effects when obtaining credentials. Are you
>> obtaining credentials from a Windows A.D. or from a non-MS KDC?
>
>
> The error occurs when we log into the "Kerberos Realm", not AD. We're
> running non-MS KDCs, our normal Heimdal-based KDCs.
>
>>
>> I would be interested in seeing what your 524 code is doing.
>
>
> I copied the function which does this at the end of this message:
> GetV4Creds. The failure occurs at the point I marked "***". I guess
> I need to trace further into the library to see exactly where things
> fail.
> Thanks for looking at this.
> Gregg
More information about the krbdev
mailing list