mech_dh is the Diffie-Hellman mechanism in Solaris.
On older systems, this is the default mech that gets used if the caller does not specify the Kerberos OID when making the init/accept calls.
To make the system default to using the Kerberos mech, adjust the lines in /etc/gss/mech file so that kerberos_v5 mechanism appears before the mech_dh mechanisms.
-Wyllys
Jacques Lebastard wrote:
Hi folks,
I wrote a SSPI Client / GSS-API Server application that works fine in a tree of ActiveDirectory domains / Solaris realm environment where the KDC are the AD domain controlers.
Server application is located in mytree.dom and users in child.mytree.dom.
However, I sometimes get an error for some users. These users can establish a context from W2K workstations but cannot from WinXP workstations (both workstations are located in child.mytree.dom).
The Solaris GSS-API server shows the following error message for connections established on WinXP ws:
MAJOR(gss_accept_sec_context) : Unspecified GSS failure. Minor code may provide more information MINOR(gss_accept_sec_context) : mech_dh: Invalid or unknown error
What does 'mech_dh' mean ? Diffie-Hellman mechanism ???
What differences between Kerberos SSP W2K SP4 and WinXP SP 1 ?
Thanks for any hint, -- Jacques
________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
