[39244] in Kerberos


help: Host Authentication Failed

daemon@ATHENA.MIT.EDU (Zhenlong Hou)
Mon May 22 04:00:20 2023

From: Zhenlong Hou <zhou@rocketsoftware.com>
To: "kerberos@mit.edu" <kerberos@mit.edu>
Date: Mon, 22 May 2023 07:54:40 +0000
Message-ID: <MN2PR07MB65925B3CD050326D613496D5B6439@MN2PR07MB6592.namprd07.prod.outlook.com>

Hello everyone

I want to use Windows client/server + MIT Kerberos & OpenLDAP to implement SSO authentication.
On the application server side, I use LsaLogonUser() to ask for a Network style logon through the S4U Kerb extension.
But LsaLogonUser() failed.
According to the KDC server's log, there is an error "LOOKING_UP_SERVER: authtime 0, host/sample.com@SAMPLE.COM for host\/sample.com@SAMPLE.COM, Server not found in Kerberos database" in the TGS_REQ.
According to the application server's log, the sname-string has 1 item and the SNameString is host/sample.com in the req-body of the tgs-req.
I think the sname-string should have 2 items, with the SNameStrings being host and sample.com.

My question is: can S4U on Windows not implement SSO authentication with MIT Kerberos & OpenLDAP?
Or am I mistaken about some configuration on the Windows side or on the MIT Kerberos & OpenLDAP side?

Thanks in advance
Chris
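
An added example (not part of the original post, and not MIT krb5 code): a small Python parser for the display form of principal names in a KDC log line. It shows that the escaped `host\/sample.com` in the quoted log entry is a single name component, while the unescaped `host/sample.com` is two. The function names are hypothetical, and the escape handling is simplified to the backslash-quotes-next-character case.

```python
import re

# Log fragment shape taken from the quoted entry: "<client> for <server>, <error>"
KDC_LINE = re.compile(r"(?P<client>\S+) for (?P<server>\S+), (?P<error>.+)$")

# The KDC log entry quoted in the post.
SAMPLE = (r"LOOKING_UP_SERVER: authtime 0, host/sample.com@SAMPLE.COM for "
          r"host\/sample.com@SAMPLE.COM, Server not found in Kerberos database")


def parse_principal(name):
    """Split a displayed principal into (components, realm).

    A backslash quotes the next character, so '\\/' and '\\@' are data inside
    a component rather than separators. Simplification: special escapes such
    as '\\n' are kept as the literal character.
    """
    comps, cur, realm, in_realm = [], [], [], False
    i = 0
    while i < len(name):
        ch = name[i]
        target = realm if in_realm else cur
        if ch == "\\" and i + 1 < len(name):
            target.append(name[i + 1])   # quoted character, never a separator
            i += 2
            continue
        if ch == "@" and not in_realm:
            in_realm = True              # everything after this is the realm
        elif ch == "/" and not in_realm:
            comps.append("".join(cur))   # unquoted '/' ends a component
            cur = []
        else:
            target.append(ch)
        i += 1
    comps.append("".join(cur))
    return comps, "".join(realm)


def diagnose(line):
    """Parse client/server names; flag a service/host pair sent as one component."""
    m = KDC_LINE.search(line)
    if m is None:
        return None
    client, _ = parse_principal(m.group("client"))
    server, realm = parse_principal(m.group("server"))
    folded = any("/" in c for c in server)
    return {"client": client, "server": server, "realm": realm,
            "folded": folded, "error": m.group("error")}
```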

