"gss_import_name()" and "default_realm"

Greg Hudson ghudson at mit.edu
Wed Mar 23 15:34:32 EDT 2016

On 03/22/2016 05:17 PM, Kevin wrote:
> Again, All is working fine ! (On Debian....)
> Indeed, when I try to use that script on a FreeBSD 10.1, I meet the
> following problem :

This probably isn't the best list to ask.  krbdev at mit.edu is for
discussion about the development of MIT krb5, whereas this question
appears to be a user question about Heimdal (assuming you are using the
native Kerberos binaries on FreeBSD).  heimdal-discuss at sics.se is
appropriate for questions about Heimdal.  Alternatively,
kerberos at mit.edu is appropriate for questions about any Kerberos
implementation.  For simplicity, I will try to answer here anyway.

For the FreeBSD machine, you might find it sufficient to add
[domain_realm] directives to krb5.conf like so:

    .testing.tr = TESTING.TR
    .kerberos.tr = KERBEROS.TR

Another option is to change your Python script to pass an empty string
("") to authGSSServerInit().  That should allow the server to receive
authentications to any service in the keytab--although you may need to
check which one the client authenticated to using authGSSServerTargetName().

More information about the krbdev mailing list