[37139] in Kerberos
Kerberos SNC Shim and OSX Yosemite
daemon@ATHENA.MIT.EDU (Jeffery Dowell)
Wed Jul 1 15:44:22 2015
From: Jeffery Dowell <jeffery.dowell@duke.edu>
To: "Kerberos@mit.edu" <Kerberos@mit.edu>
Date: Wed, 1 Jul 2015 19:43:56 +0000
Message-ID: <BLUPR05MB167345B334820706EE932C2E9A80@BLUPR05MB167.namprd05.prod.outlook.com>
Content-Language: en-US
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Hello Everyone,
I have a question for the community regarding the Kerberos SNC shim. I am currently trying to get authentication to SAP through Kerberos working on OSX 10.10 (Yosemite). In Yosemite, Apple has removed support for DES, which means that I can't get a Kerberos ticket from Kerberos systems still using DES. As workaround, I am using a heimdal implementation to request a ticket and have it appear in the Mac ticket viewer. However, when I open SAP I get the error:
GSS-API(min):Encryption type des-cbc-md4-deprecated not supported
I am using the Shim SNC adapter from Ben on GitHub to fix the 32/64 bit java issue that was found a while back. It appears that SAP interfaces with this adapter but that the adapter doesn't see my ticket. The ticket does appear in the OSX ticket viewer and seems usable to the rest of the system.
Should I insert my heimdal ticket in a different manner?
Is there a heimdal equivalent for the MIT shim?
Perhaps there is an all MIT Kerberos option for sidestepping the Apple implementation?
Many thanks for any insights.
Jeffery
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
