[OpenAFS] /etc/gss/mech + gssklog

Douglas E. Engert deengert@anl.gov
Tue, 09 Sep 2003 15:33:44 -0500 

Chris McClimans wrote:
> 
> I've switched around /etc/gss/mech to put kerberos_v5 first. Now it
> gives me some errors about invalid tokens.

I had seen this in my testing, and the gssklog-0.10 should fix this.

The problem appears to be that SEAM wants the input_token parameter to the
first call to gss_init_sec_context to be NULL, rather then a pointer
to a gss_buffer with lenght=0. (The MIT GSSAPI will work either way.)

I had done some testing on Solaris 5.8 with the standard SEAM. This may be
fixed in a later release.  So please try the gssklog-0.10 and let me know if
it works better.   


> gssklog works on other boxes (linux boxes) at this point. So it's still
> something with my solaris configuration I think.

No idiosyncrocies with SEAM it looks like. 

With the gssklog-0.10 you can restore the /etc/gss/mech to its original state. 
 
> 
> Where can I look up the error codes for GSS-errors and stuff. Is in it
> the gssapi standard somewhere?
> -chris
> 
> bash-2.03# cat /etc/gss/mech
> # Mechanism Name        Object Identifier       Shared Library  Kernel
> Module
> #
> kerberos_v5             1.2.840.113554.1.2.2    gl/mech_krb5.so
> gl_kmech_krb5
> diffie_hellman_640_0    1.3.6.4.1.42.2.26.2.4   dh640-0.so.1
> diffie_hellman_1024_0   1.3.6.4.1.42.2.26.2.5   dh1024-0.so.1
> 
> bash-2.03# klist
> Ticket cache: /tmp/krb5cc_0
> Default principal: mccliman@CS.TTU.EDU
> 
> Valid starting                       Expires
> Service principal
> Tue Sep 09 14:30:49 2003  Wed Sep 10 00:30:49 2003
> krbtgt/CS.TTU.EDU@CS.TTU.EDU
>          renew until Tue Sep 16 14:30:49 2003
> 
> bash-2.03# ./gssklog
> GSS-error init_sec_context failed: major:00090000 minor:00000000
> Invalid token was supplied
> No error
> Problem 2 with server elm.cs.ttu.edu, trying next
> GSS-error init_sec_context failed: major:00090000 minor:00000000
> Invalid token was supplied
> No error
> Problem 2 with server oak.cs.ttu.edu
> Failed code = 2
> 
> bash-2.03# klist
> Ticket cache: /tmp/krb5cc_0
> Default principal: mccliman@CS.TTU.EDU
> 
> Valid starting                       Expires
> Service principal
> Tue Sep 09 14:30:49 2003  Wed Sep 10 00:30:49 2003
> krbtgt/CS.TTU.EDU@CS.TTU.EDU
>          renew until Tue Sep 16 14:30:49 2003
> 
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info

-- 

 Douglas E. Engert  <DEEngert@anl.gov>
 Argonne National Laboratory
 9700 South Cass Avenue
 Argonne, Illinois  60439 
 (630) 252-5444