Problem with mit2ms - Tickets are not transfered to LSA cache

Hi,

I'm currently facing a problem when implementing a kerberos based SSO
solution with SAP on Linux and an Active Directory. Usually this works fine
for ABAP and JAVA but in the current environment I have a different
situation.
On the client machine I need the kerberos credentials (TGT) to be stored in
the Windows LSA cache. Usually this happens automatically when logging on to
a Microsoft Domain. Unfortunately I cannot logon from the workstations to my
domain using the windows-logon because I'm using Novell. Besides my Novell
eDirectory there is an Active directory domain.

So I tried the following (maybe a stupid idea):
After windows has logged on to Novell --> start MIT Kerberos Client and
obtain credentials from the Domain controller. After that I get the
following tickets in my local cache:

C:\Programme\MIT\Kerberos\bin>klist
Ticket cache: API:CFRITZ@...
Default principal: CFRITZ@...

Valid starting     Expires            Service principal
11/02/09 16:22:50  11/03/09 02:22:50  krbtgt/CFRITZ.CORP@...
        renew until 11/09/09 16:21:35

Now I have tried to to copy these credential to windows LSA cache using
mit2ms:

C:\Programme\MIT\Kerberos\bin>mit2ms.exe
mit2ms.exe: No credentials cache found while opening MS LSA ccache

Unfortunately kerbtray does not show me any ticket in the LSY cache. Which
parameters do I need for the mit2ms executable or is my idea not working at
all? How can I transfer the tickets from the MIT Client cache to the LSA
cache of Windows?

Thanks in advance
Christoph
________________________________________________
Kerberos mailing list           Kerberos@...
https://mailman.mit.edu/mailman/listinfo/kerberos

Christoph Fritz wrote:
>
> Unfortunately kerbtray does not show me any ticket in the LSY cache. Which
> parameters do I need for the mit2ms executable or is my idea not working at
> all? How can I transfer the tickets from the MIT Client cache to the LSA
> cache of Windows?
>
mit2ms worked on Vista.  It does not work on XP and 2003.  I have not
tested it on Vista SP2 and Win7.





________________________________________________
Kerberos mailing list           Kerberos@...
https://mailman.mit.edu/mailman/listinfo/kerberos

Jeffrey Altman wrote:
> Christoph Fritz wrote:
>> Unfortunately kerbtray does not show me any ticket in the LSY cache. Which
>> parameters do I need for the mit2ms executable or is my idea not working at
>> all? How can I transfer the tickets from the MIT Client cache to the LSA
>> cache of Windows?
>>
> mit2ms worked on Vista.  It does not work on XP and 2003.  I have not
> tested it on Vista SP2 and Win7.
I just tested on Win7 and it won't work there until the krb5 library
cc_mslsa.c is updated to handle the current behavior.

Jeffrey Altman



________________________________________________
Kerberos mailing list           Kerberos@...
https://mailman.mit.edu/mailman/listinfo/kerberos

Jeffrey any chance this could be updated for XP/2003 or this is already
out of scope?

On 03.11.2009 18:19, Jeffrey Altman wrote:

________________________________________________
Kerberos mailing list           Kerberos@...
https://mailman.mit.edu/mailman/listinfo/kerberos

Nikolay Shopik wrote:
> Jeffrey any chance this could be updated for XP/2003 or this is already
> out of scope?
XP/2003 doesn't have the appropriate interfaces.




________________________________________________
Kerberos mailing list           Kerberos@...
https://mailman.mit.edu/mailman/listinfo/kerberos