Jacques Lebastard wrote:

Hi there,

a few days ago, I succeeded in running an SSPI/GSS-API client/server program between an XP workstation and a Solaris server. The server's keytab was generated using Windows 'ktpass' tool.

Windows 2000 AD did not handle the kvno correctly and always used 1 or 0. 2003 does increment it each time it is changed. So you may have changed the number.

Also when you use the ktpass, 2003 will update the password and kvno.

If you have the MIT Kerberos, you can verify the kvno in the AD
by using kvno cvs/<hostname>@<realm> on the Solaris system.

You can also get the kvno value by looking up the value of the
"msDS-KeyVersionNumber" attribute of the account in Windows 2003 AD.



I generated another keytab file using the same tool (with the same parameters) and installed that keytab file on the server.


Now, the server claims it cannot accept the token:
gss_accept_sec_context: Invalid credential was supplied
gss_accept_sec_context: Key version number for principal in key table is incorrect


I tried to generate another keytab file using the -kvno 1 option but to no avail.

What did I miss?

--

 Douglas E. Engert  <[EMAIL PROTECTED]>
 Argonne National Laboratory
 9700 South Cass Avenue
 Argonne, Illinois  60439
 (630) 252-5444
________________________________________________
Kerberos mailing list           [EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo/kerberos
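
The kvno comparison suggested in the reply above, as an added example that is not part of the original message: it parses the output of MIT `kvno <principal>` and `klist -k` and reports whether the keytab holds a key at the version the KDC is issuing tickets for. The host name, realm, keytab path and sample output are constructed, and the plain MIT output layout is assumed.

```shell
#!/bin/sh
# Added example (not from the original message). Sample text is constructed,
# laid out like the output of MIT `klist -k` and `kvno <principal>`.
SAMPLE_KLIST='Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- ----------------------------------------------------------------
   1 cvs/solaris1.example.com@EXAMPLE.COM
   3 host/solaris1.example.com@EXAMPLE.COM'
SAMPLE_KVNO='cvs/solaris1.example.com@EXAMPLE.COM: kvno = 2'

# Print each kvno the keytab listing on stdin holds for principal $1.
keytab_kvnos() {
    awk -v p="$1" '$1 ~ /^[0-9]+$/ && $2 == p { print $1 }'
}

# Print the kvno that `kvno` output on stdin reports for principal $1.
kdc_kvno() {
    awk -v p="$1" '$1 == (p ":") && $2 == "kvno" { print $4 }'
}

# check_kvno PRINCIPAL KLIST_TEXT KVNO_TEXT
# 0: keytab has a key at the KDC's kvno; 1: it does not; 2: could not parse.
check_kvno() {
    want=$(printf '%s\n' "$3" | kdc_kvno "$1")
    have=$(printf '%s\n' "$2" | keytab_kvnos "$1" | tr '\n' ' ')
    if [ -z "$want" ] || [ -z "$have" ]; then
        echo "cannot compare: KDC kvno='$want', keytab kvno(s)='$have'"
        return 2
    fi
    for k in $have; do
        if [ "$k" -eq "$want" ]; then
            echo "OK: keytab holds kvno $want for $1"
            return 0
        fi
    done
    echo "MISMATCH: KDC issues kvno $want for $1, keytab holds: $have"
    return 1
}

P='cvs/solaris1.example.com@EXAMPLE.COM'
check_kvno "$P" "$SAMPLE_KLIST" "$SAMPLE_KVNO" || true
# Against a live realm (needs a valid TGT):
#   check_kvno "$P" "$(klist -k /etc/krb5.keytab)" "$(kvno "$P")"
```

With the constructed sample, the keytab holds kvno 1 while the KDC reports 2, which is the situation that produces the "Key version number for principal in key table is incorrect" error quoted in the message.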
