[30135] in Kerberos
Problem with SPNEGO on Solaris 10 build 4
daemon@ATHENA.MIT.EDU (Markus Moeller)
Sun Jul 20 11:35:18 2008
To: kerberos@mit.edu
From: "Markus Moeller" <huaraz@moeller.plus.com>
Date: Sun, 20 Jul 2008 16:33:53 +0100
Message-ID: <g5vlt3$vmb$1@ger.gmane.org>
Mime-Version: 1.0
X-Complaints-To: usenet@ger.gmane.org
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
I tried to use my squid_kerb_auth on Solaris 10 and fail. My configure
determines it supports SPNEGO but when I use it I get
2008/07/20 16:11:37| squid_kerb_auth: gss_accept_sec_context() failed: No
credentials were supplied, or the credentials were unavailable or
inaccessible. No error
BH gss_accept_sec_context() failed: No credentials were supplied, or the
credentials were unavailable or inaccessible. No error
2008/07/20 16:11:37| squid_kerb_auth: User not authenticated
To test it I did a kinit as a user and run squid_kerb_auth_test which
creates a base64 encoded token.
./squid_kerb_auth_test testserver.solaris.home
Token: YIICPAYGKwYBBQUCoIICMDCCAiygDTALBg......
I use then the token as input to squid_kerb_auth
./squid_kerb_auth -i -d <<!
> YIICPAYGKwYBBQUCoIICMDCCAiygDTALBgkqh...
>!
2008/07/20 16:11:36| squid_kerb_auth: Starting version 1.0.1
2008/07/20 16:11:36| squid_kerb_auth: Got 'YR YIICPAYGKwYBBQUCoII.... from
squid (length: 771).
2008/07/20 16:11:37| squid_kerb_auth: gss_accept_sec_context() failed: No
credentials were supplied, or the credentials were unavailable or
inaccessible. No error
BH gss_accept_sec_context() failed: No credentials were supplied, or the
credentials were unavailable or inaccessible. No error
2008/07/20 16:11:37| squid_kerb_auth: User not authenticated
When I do the same on any other platform (including Opensolaris) it works
fine. Also when I configure squid_kerb_auth without -DHAVE_SPNEGO it works
fine e.g. I get:
2008/07/20 16:11:07| squid_kerb_auth: Starting version 1.0.1
2008/07/20 16:11:07| squid_kerb_auth: Got 'YR YIICEQYJKoZIhvcSAQICAQB....
from squid (length: 715).
2008/07/20 16:11:07| squid_kerb_auth: parseNegTokenInit failed with rc=102
2008/07/20 16:11:07| squid_kerb_auth: Token is possibly a GSSAPI token
AF AA== markus@SOLARIS.HOME
2008/07/20 16:11:07| squid_kerb_auth: AF AA== markus@SOLARIS.HOME
2008/07/20 16:11:07| squid_kerb_auth: User markus@SOLARIS.HOME authenticated
Is this a know problem with Solaris 10 or must I specify the right mechanism
?
Thank you
Markus
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
