Hello, First of all I would like to thank all people involved in the development and support of MIT Kerberos! Thank you for providing such a great product to the community!
I have already been using KfW for quite some time and now I have got an issue related to Kerberos for Windows I haven't been able to narrow down completely. I would be happy about any help. The setup is as follows: ------------------------------- We have a Windows application which uses a third party vendor library (Eldos Secure BlackBox, dynamically linked) to do SSH. The SSH functionallity includes GSSAPI authentication with Kerberos. The third party library is addressed by our application via ActiveX and COM. The third party library does the GSSAPI calls and the actual Kerberos stuff is then provided by MIT Kerberos for Windows. The issue we experience: --------------------------------- The issue we experience is related to an expiring ticket. The issue happens as follows: 1) Obtain a TGT 2) Do an SSH authentication with gssapi-with-mic 3) Outcome Successful 4) Ticket expires. 5) Try to do an SSH authentication with gssapi-with-mic 6) The Network Identity Manager comes up, asking for a password 7) Press cancel, the authentication fails [Everything as expected] 8) Obtain a new TGT in the Network Identity Manager 9) Try to do an SSH authentication with gssapi-with-mic => until now everything ok, but now: 10) The Network Identity Manager comes up asking for a password although the correct TGT is in the cache [not the expected behavior] So what I have found out is: a) If I after 10) just press OK in the password dialog of the Kerberos Network Identity Manager (without entering any password) the authentication is successful. or if I press cancel in 10) and b) restart the application all subsequent authentications work again. Until now I have not been able to reproduce this issue with the gss.exe application. This always works as expected. The third party library vendor claims that he does the same calls as in the gss-client.c code. Since I have no possibility to look into the corresponding source code (->closed source) I would be very happy about ideas from you (although this is probably an problem in the third party library). So: ----- Does anyone have an idea what could be the reason for this behaviour? I will be happy to provide a test application (how do I provide it best? attach to email?) , if someone would like to have a look. Thank you very much in advance, Best Regards, Henning _______________________________________________ kfwdev mailing list kfwdev@mit.edu http://mailman.mit.edu/mailman/listinfo/kfwdev