mech_dh is the Diffie-Hellman mechanism in Solaris.
On older systems, this is the default mech that gets
used if the caller does not specify the Kerberos OID when
making the init/accept calls.
To make the system default to using the Kerberos mech,
adjust the lines in /etc/gss/mech file so that kerberos_v5
mechanism appears before the mech_dh mechanisms.
-Wyllys
Jacques Lebastard wrote:
Hi folks,
I wrote a SSPI Client / GSS-API Server application that works fine in
a tree of ActiveDirectory domains / Solaris realm environment where
the KDC are the AD domain controlers.
Server application is located in mytree.dom and users in
child.mytree.dom.
However, I sometimes get an error for some users. These users can
establish a context from W2K workstations but cannot from WinXP
workstations (both workstations are located in child.mytree.dom).
The Solaris GSS-API server shows the following error message for
connections established on WinXP ws:
MAJOR(gss_accept_sec_context) : Unspecified GSS failure. Minor code
may provide more information MINOR(gss_accept_sec_context) : mech_dh:
Invalid or unknown error
What does 'mech_dh' mean ? Diffie-Hellman mechanism ???
What differences between Kerberos SSP W2K SP4 and WinXP SP 1 ?
Thanks for any hint, -- Jacques
________________________________________________ Kerberos mailing
list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos