2009/11/10 Douglas E. Engert <[email protected]> > > Julien Montmartin wrote: > >> Hi List, >> >> I'm working on a kerberized application server and I have some trouble >> when >> I try to generate the keytab with ktpass... Although evrything works >> nicely >> for demo in the lab, it fails in real world ! >> >> Here the command I use (windows 2000 server SP4) : >> >> ktpass -ptype KRB5_NT_PRINCIPAL -princ HTTP/ >> [email protected] -mapuser >> [email protected] -pass xyz -out C:\temp\keytab >> > > -mapuser testUser > > Thanks Douglas, now I get my ketab... But now gss_acquire_cred () fails with error : "No principal in keytab matches desired name". This is the kind of code I use :
gss_buffer_desc tmpTok=GSS_C_EMPTY_BUFFER; tmpTok.value="[email protected]"; //tmpTok.value="h...@mycomputer" -> Doesn't work either gss_name_t srvName=GSS_C_NO_NAME; MS=gss_import_name(&ms, &tmpTok, (gss_OID) GSS_C_NT_HOSTBASED_SERVICE, &srvName); MS=gss_acquire_cred(&ms, srvName, GSS_C_INDEFINITE, GSS_C_NO_OID_SET, GSS_C_ACCEPT, &fCredentials, NULL, NULL); Well, once again, this code works in the lab so I guess it's not totaly wrong... How can I know the "desired name" the library is looking for ? When I generate my keytab, ktpass said "vno = 1" but when I check it on the server with kvno it says : "HTTP/[email protected]: kvno = 0". Isn't it wrong ? I've also tried with kinit : kinit -k -t C:\keytab HTTP/myComputer.private.myCompagnie.com@ PRIVATE.MYCOMPAGNIE.COM It says nothing, but doesn't fail... Any idea ? ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
