[OpenAFS] Re: gssklog-0.10 - better support for SEAM and SSPI with cross realm

Douglas E. Engert deengert@anl.gov
Tue, 09 Sep 2003 16:24:52 -0500


Please try compiling with the -DDEBUG added to the MYCFLAGS = in the
Makefile.

You can then run the server with: -d -p <portnumber>
and the client with a -port <portnumber> and maybe a -server <servername>
and see what happens. 

I had some problems with using SEAM with the server. The MIT works fine.

Also do a klist -e to see the enc_types. There may be some mismatch between the
KDC and the client or server Kerberos implementation.



Chris McClimans wrote:
> 
> We are further along, now we at least get the gssklog/fqdn@REALM
> service tickets.
> init_sec_contexts fails, but with a major code of 'Unspecified GSS
> failure'
> The minor code is zero, so I'm not sure if that is going to provide any
> more information.
> 
> bash-2.03# uname -a
> SunOS olive 5.8 Generic_108528-13 sun4u sparc SUNW,Sun-Blade-100
> bash-2.03# kinit mccliman@CS.TTU.EDU
> Password for mccliman@CS.TTU.EDU:
> bash-2.03# klist
> Ticket cache: /tmp/krb5cc_0
> Default principal: mccliman@CS.TTU.EDU
> 
> Valid starting                       Expires
> Service principal
> Tue Sep 09 16:10:03 2003  Wed Sep 10 02:10:03 2003
> krbtgt/CS.TTU.EDU@CS.TTU.EDU
>          renew until Tue Sep 16 16:10:03 2003
> bash-2.03# cat /etc/gss/mech
> # Mechanism Name        Object Identifier       Shared Library  Kernel
> Module
> #
> diffie_hellman_640_0    1.3.6.4.1.42.2.26.2.4   dh640-0.so.1
> diffie_hellman_1024_0   1.3.6.4.1.42.2.26.2.5   dh1024-0.so.1
> kerberos_v5             1.2.840.113554.1.2.2    gl/mech_krb5.so
> gl_kmech_krb5
> bash-2.03# ./gssklog
> GSS-error init_sec_context failed: major:000d0000 minor:00000000
> Unspecified GSS failure.  Minor code may provide more information
> No error
> Problem 2 with server elm.cs.ttu.edu, trying next
> GSS-error init_sec_context failed: major:000d0000 minor:00000000
> Unspecified GSS failure.  Minor code may provide more information
> No error
> Problem 2 with server oak.cs.ttu.edu
> Failed code = 2
> bash-2.03# klist
> Ticket cache: /tmp/krb5cc_0
> Default principal: mccliman@CS.TTU.EDU
> 
> Valid starting                       Expires
> Service principal
> Tue Sep 09 16:10:03 2003  Wed Sep 10 02:10:03 2003
> krbtgt/CS.TTU.EDU@CS.TTU.EDU
>          renew until Tue Sep 16 16:10:03 2003
> Tue Sep 09 16:10:14 2003  Wed Sep 10 02:10:03 2003
> gssklog/elm.cs.ttu.edu@CS.TTU.EDU
>          renew until Tue Sep 16 16:10:03 2003
> Tue Sep 09 16:10:14 2003  Wed Sep 10 02:10:03 2003
> gssklog/oak.cs.ttu.edu@CS.TTU.EDU
>          renew until Tue Sep 16 16:10:03 2003

-- 

 Douglas E. Engert  <DEEngert@anl.gov>
 Argonne National Laboratory
 9700 South Cass Avenue
 Argonne, Illinois  60439 
 (630) 252-5444
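
Added example, not part of the original message and not gssklog's own code: a small C decoder that splits the `major:000d0000 minor:00000000` status from the quoted output into the calling-error, routine-error and supplementary fields defined in RFC 2744. The function names are hypothetical; the sample line is copied from the quoted gssklog output.

```c
#include <stdio.h>
#include <string.h>

/* Major-status field layout from RFC 2744 (GSS-API C bindings). */
#define CALLING_ERROR(x) (((x) >> 24) & 0xffUL)
#define ROUTINE_ERROR(x) (((x) >> 16) & 0xffUL)
#define SUPPLEMENTARY(x) ((x) & 0xffffUL)

/* Routine errors 0..18, indexed by the routine-error field value. */
static const char *routine_names[] = {
    "GSS_S_COMPLETE", "GSS_S_BAD_MECH", "GSS_S_BAD_NAME", "GSS_S_BAD_NAMETYPE",
    "GSS_S_BAD_BINDINGS", "GSS_S_BAD_STATUS", "GSS_S_BAD_SIG", "GSS_S_NO_CRED",
    "GSS_S_NO_CONTEXT", "GSS_S_DEFECTIVE_TOKEN", "GSS_S_DEFECTIVE_CREDENTIAL",
    "GSS_S_CREDENTIALS_EXPIRED", "GSS_S_CONTEXT_EXPIRED", "GSS_S_FAILURE",
    "GSS_S_BAD_QOP", "GSS_S_UNAUTHORIZED", "GSS_S_UNAVAILABLE",
    "GSS_S_DUPLICATE_ELEMENT", "GSS_S_NAME_NOT_MN"
};

/* Hypothetical helper: name of the routine error carried in a major status. */
const char *routine_error_name(unsigned long major) {
    unsigned long r = ROUTINE_ERROR(major);
    size_t n = sizeof routine_names / sizeof routine_names[0];
    return r < n ? routine_names[r] : "unknown";
}

/* Hypothetical helper: pull "major:XXXXXXXX minor:XXXXXXXX" out of a log line.
 * Returns 1 when both hex values were read, 0 otherwise. */
int parse_status_line(const char *line, unsigned long *major, unsigned long *minor) {
    const char *p = strstr(line, "major:");
    return p != NULL && sscanf(p, "major:%lx minor:%lx", major, minor) == 2;
}

/* 1 when the status is a bare GSS_S_FAILURE with a zero minor code, i.e. the
 * mechanism reported a failure but passed no mechanism-specific detail up. */
int is_opaque_failure(unsigned long major, unsigned long minor) {
    return CALLING_ERROR(major) == 0 && ROUTINE_ERROR(major) == 13
        && SUPPLEMENTARY(major) == 0 && minor == 0;
}

int main(void) {
    /* Line copied from the quoted gssklog output above. */
    const char *line = "GSS-error init_sec_context failed: major:000d0000 minor:00000000";
    unsigned long maj = 0, min = 0;
    if (!parse_status_line(line, &maj, &min)) return 1;
    printf("calling=%lu routine=%lu (%s) supplementary=0x%04lx minor=0x%08lx opaque=%d\n",
           CALLING_ERROR(maj), ROUTINE_ERROR(maj), routine_error_name(maj),
           SUPPLEMENTARY(maj), min, is_opaque_failure(maj, min));
    return 0;
}
```

For the quoted status this reports routine error 13 (GSS_S_FAILURE) with no calling error, no supplementary bits and a zero minor code, so the status words themselves carry nothing further to decode.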