If you are using MIT Kerberos for Windows 2.5 on a Windows workstation which is part of a Windows AD Domain, then the Leash ticket manager (when executed) will automatically import tickets from the Microsoft Kerberos LSA credentials cache into the MIT Kerberos credentials cache for use by applications using the MIT Kerberos API.
Under Options->Leash Configuration ... there is a check box for create missing configuration files. If there are no configuration files when Leash is run the first time, then Leash will autoconstruct them using information found in the Windows registry. The KRB5.INI (aka krb5.conf) may be necessary depending on your realm configuration.
Since Microsoft does not support Kerberos 4, you might want to also disable the Kerberos 4 support in Leash from the same configuration page.
In KfW 2.6 (soon to enter beta test) you could use the Options-> Kerberos V5 Properties ... dialog to set the Ticket File to
"MSLSA:"
Doing so would instruct the MIT Kerberos APIs to obtain tickets using the Microsoft Kerberos LSA credentials cache without importing.
Of course, if you are working on a Microsoft Windows workstation which is not part of an AD Domain then you do not have a Kerberos realm yet.
Jeffrey Altman KFW Maintainer
Kevin Burton wrote:
I am using the SSPI workbench (Keith Brown) in "server" mode listening at port 4242. I am using the MIT distribution of Kerberos and compiled the source for Windows. There is a program in that distribution called gss. This program has a single text box entry of the form
machine port principal
I enter
localhost 4242 [EMAIL PROTECTED]
The program 'gss' seems to get through the gss_import_name without error, but in gss_init_sec_context I get two errors resulting from the min_stat and maj_stat return codes. The first is 'GSS_API error initializing context: Miscellaneous failure'. The second is 'GSS-API error initializing context: No credentials cache found'. My question is, how do I establish a credential cache? The routine kinit indicates that it could not find the KDC. The application klist also indicates that there is no credential cache. What configuration step did I miss? This is for a Windows platform. I am mainly doing this as a proof of concept as the final 'client' will reside on a non-Windows platform (probably Linux) and will use Kerberos GSSAPI to log into a Windows server using SSPI on the Windows server.
Thank you for your help.
Kevin Burton [EMAIL PROTECTED] [EMAIL PROTECTED]
________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
