[32212] in Kerberos
How can I get the GSS samples from KfW 3.2.2 to work on my Windows XP
daemon@ATHENA.MIT.EDU (Guilbert STABILO)
Tue Mar 30 23:41:42 2010
From: Guilbert STABILO <guilbert.stabilo@yahoo.fr>
Date: Tue, 30 Mar 2010 05:20:04 -0700 (PDT)
Message-ID: <59ebcd08-e131-47eb-8f57-7113f4ef7bc0@30g2000yqi.googlegroups.com>
Mime-Version: 1.0
X-Complaints-To: groups-abuse@google.com
Complaints-To: groups-abuse@google.com
To: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Here is exactly what I did:
1/ I successfully built KfW 3.2.2 on my Windows XP SP3 platform
2/ I ran "leash32.exe" from the build then chose "Options" =>
"Kerberos v5 Properties..." => "File Location"
+ set "Ticket File field" to "C:\WINNT\krb5kt"
+ set "Configuration File" to our working company "C:\WINNT
\krb5.ini" (this file is used for accessing our company's KDC which is
known to work).
3/ Then I chose "Action" => "Import Ticket(s)/Token(s)" from my
computer and I could see my "krb5kt" file created in "C:\WINNT
\krb5kt".
I do not exactly know neither what happened when I did the "Import
Ticket(s)/Token(s)" operation nor where the tickets come from.
I suppose the Kerberos protocol has a low-level integration so Windows
store the ticket in its MSLSA cache and they are copied from there to
my "krb5kt" thanks to the leash32 import.
* If you could confirm this, you would be welcome !
4/ If I "klist", I can read the ticket file and see that I got a "host/
blowfish.acme.net@ACME.NET" service ticket (my computer is named
"blowfish").
I suppose that the "host/blowfish.acme.net@ACME.NET" is automatically
retrieved from our KDC so it can be used to expose local Windows
services using Kerberos.
* Could you also confirm that ?
BLOWFISH:jsmith:
C:\Documents and Settings\jsmith>
:klist
Ticket cache: FILE:C:\WINNT\krb5kt
Default principal: jsmith@ACME.NET
Valid starting Expires Service principal
03/30/10 13:57:03 03/30/10 23:36:06 krbtgt/ACME.NET@ACME.NET
renew until 04/06/10 13:36:06
03/30/10 13:36:06 03/30/10 23:36:06 krbtgt/ACME.NET@ACME.NET
renew until 04/06/10 13:36:06
03/30/10 13:36:06 03/30/10 23:36:06 host/blowfish.acme.net@ACME.NET
renew until 04/06/10 13:36:06
5/ I decided to start the "gss-server" sample using this service
ticket.
BLOWFISH:jsmith:
C:\Documents and Settings\jsmith>
:gss-server host/blowfish.acme.net@ACME.NET
GSS-API error acquiring credentials: Unspecified GSS failure. Minor
code may provide more information
GSS-API error acquiring credentials: Unsupported key table format
version number
* Please tell me how this error can occur since I used all the tools
provided in the same package version ? (there should be any
incompatibility).
Running "gss.exe" GUI packaged in the KfW 3.2.2 install produce a
failure result displaying a "gss failed" popup.
I also uninstalled my build and installed the KfW 3.2.2 runtime
package from the MIT site but GSS samples did not work better.
* Any help would be greatly appreciated. I did not find a lot of docs
about running GSS samples under Windows. I am asked to develop a C++
program authenticating on Kerberos using the GSSAPI. Please tell me or
give an URL or the right parameters for making GSS work.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
