"gss_import_name()" and "default_realm"
ghudson at mit.edu
Wed Mar 23 15:34:32 EDT 2016
On 03/22/2016 05:17 PM, Kevin wrote:
> Again, All is working fine ! (On Debian....)
> Indeed, when I try to use that script on a FreeBSD 10.1, I meet the
> following problem :
This probably isn't the best list to ask. krbdev at mit.edu is for
discussion about the development of MIT krb5, whereas this question
appears to be a user question about Heimdal (assuming you are using the
native Kerberos binaries on FreeBSD). heimdal-discuss at sics.se is
appropriate for questions about Heimdal. Alternatively,
kerberos at mit.edu is appropriate for questions about any Kerberos
implementation. For simplicity, I will try to answer here anyway.
For the FreeBSD machine, you might find it sufficient to add
[domain_realm] directives to krb5.conf like so:
.testing.tr = TESTING.TR
.kerberos.tr = KERBEROS.TR
Another option is to change your Python script to pass an empty string
("") to authGSSServerInit(). That should allow the server to receive
authentications to any service in the keytab--although you may need to
check which one the client authenticated to using authGSSServerTargetName().
More information about the krbdev