GSSAPI client on Windows
SFBZH@aol.com
SFBZH at aol.com
Fri Jul 8 04:11:09 EDT 2005
Thank you for your help, it is much appreciated.
I have reinstalled the MITKerberosForWindows-2.6.5.exe. Both gssapi32.dll and krb5_32.dll are up to date. The problem remains.
"Douglas E. Engert" <deengert at anl.gov> said:
> Not sure what you mean by "import the TGT & service ticket"
By "import the TGT & service ticket", I mean that I have launched both
>kinit -5 user
and
>kinit -5 -S service/pc36.domain.com
I know that the gssapi should get the service ticket itself but I have a good reason to do that. (well, I think so)
If the service ticket has not been previously imported, when gss_init_sec_context fails, the problem may come from the KDC, the network, the local krbcc32s, the local network configuration, the gssapi call...
If the service ticket is already in the local cache, the problem is much more localised. Everything take place on the Windows station (pc35). The elements I have to check are my call to the gssapi, my kerberos local installation and my kerberos local configuration. (Incremental debugging :p ) It seems that the client program (gssapi) doesn't interact properly or doesn't interact at all with the local cache manager (krbcc32s) but I don't know how to check it. Is there a local cache configuration file? How does the gssapi find the local cache? How does it find out which mechanism to use? (krb4, krb5...)
I fell my krb5.ini is weak. Is this correct? I've got nothing more than that:
[libdefaults]
default_domain = domain.com
default_realm = DOMAIN.COM
[realms]
DOMAIN.COM = {
admin_server = pc36:750
kdc = 192.168.0.36:88
}
Best regards
M
More information about the krbdev
mailing list