2009/11/10 Douglas E. Engert <
deengert@...>
>
> Julien Montmartin wrote:
>
>> Hi List,
>>
>> I'm working on a kerberized application server and I have some trouble
>> when
>> I try to generate the keytab with ktpass... Although evrything works
>> nicely
>> for demo in the lab, it fails in real world !
>>
>> Here the command I use (windows 2000 server SP4) :
>>
>> ktpass -ptype KRB5_NT_PRINCIPAL -princ HTTP/
>>
myComputer.private.myCompagnie.com@... -mapuser
>>
testUser@... -pass xyz -out C:\temp\keytab
>>
>
> -mapuser testUser
>
>
Thanks Douglas, now I get my ketab... But now gss_acquire_cred () fails with
error : "No principal in keytab matches desired name". This is the kind of
code I use :
gss_buffer_desc tmpTok=GSS_C_EMPTY_BUFFER;
tmpTok.value="
HTTP@...";
//tmpTok.value="HTTP@myComputer" -> Doesn't work either
gss_name_t srvName=GSS_C_NO_NAME;
MS=gss_import_name(&ms, &tmpTok, (gss_OID) GSS_C_NT_HOSTBASED_SERVICE,
&srvName);
MS=gss_acquire_cred(&ms, srvName, GSS_C_INDEFINITE, GSS_C_NO_OID_SET,
GSS_C_ACCEPT, &fCredentials, NULL, NULL);
Well, once again, this code works in the lab so I guess it's not totaly
wrong... How can I know the "desired name" the library is looking for ? When
I generate my keytab, ktpass said "vno = 1" but when I check it on the
server with kvno it says :
"
HTTP/myComputer.private.myCompagnie.com@...: kvno = 0".
Isn't it wrong ? I've also tried with kinit :
kinit -k -t C:\keytab HTTP/myComputer.private.myCompagnie.com@
PRIVATE.MYCOMPAGNIE.COM
It says nothing, but doesn't fail... Any idea ?
________________________________________________
Kerberos mailing list
Kerberos@...
https://mailman.mit.edu/mailman/listinfo/kerberos
