[mailto:ghud...@mit.edu]
Sent: Monday, October 27, 2014 11:21 AM
To: Xie, Hugh; kerberos@mit.edu
Subject: Re: gss_init_sec_context with delegated_cred_handle error
On 10/23/2014 11:38 AM, Xie, Hugh wrote:
When I pass GSS_C_NO_CREDENTIAL as cred_handle to gss_init_sec_context(), I
got no error
other
resource for looking at AD/Mit KRB5.
-Original Message-
From: Greg Hudson [mailto:ghud...@mit.edu]
Sent: Thursday, January 15, 2015 11:49 PM
To: Xie, Hugh; 'kerberos@mit.edu'
Subject: Re: Wrong principal in request error on gss_accept_sec_context()
On 01/15/2015 05:18 PM, Xie, Hugh
Kvno returns 15. I created a new entry HTTP/host2.site123.baml.com @
COMMON.BANKOFAMERICA.COM in keytab with kvno = 15. I still get the same wrong
principal error
-Original Message-
From: kerberos-boun...@mit.edu [mailto:kerberos-boun...@mit.edu] On Behalf Of
Xie, Hugh
Sent: Monday
I upgrade the version of krb5 lib to version 1.13. Got more specific error:
Request ticket server HTTP/ host2.site123.baml@common.bankofamerica.com
kvno 15 enctype rc4-hmac found in keytab but cannot decrypt ticket
Any idea?
-Original Message-
From: Xie, Hugh
Sent: Thursday
/s4u_creds.c:krb5_get_self_cred_from_kdc()
Gdb does seems stop at any one of the functions.
Please provide pointer. Thanks.
-Original Message-
From: kerberos-boun...@mit.edu [mailto:kerberos-boun...@mit.edu] On Behalf Of
Xie, Hugh
Sent: Monday, January 12, 2015 4:44 PM
To: Greg Hudson; 'kerberos@mit.edu
-
From: Greg Hudson [mailto:ghud...@mit.edu]
Sent: Tuesday, January 06, 2015 1:52 PM
To: Xie, Hugh; 'kerberos@mit.edu'
Subject: Re: Wrong principal in request error on gss_accept_sec_context()
On 01/05/2015 09:36 PM, Xie, Hugh wrote:
1. /efs/dist/kerberos/mit/1.11.5/exec/bin/klist -k -t
)
Session Key Type: RSADSI RC4-HMAC(NT)
3. What is the window equivalent command on windows?
-Original Message-
From: Greg Hudson [mailto:ghud...@mit.edu]
Sent: Monday, January 05, 2015 5:12 PM
To: Xie, Hugh; 'kerberos@mit.edu'
Subject: Re: Wrong principal in request error
Message-
From: Greg Hudson [mailto:ghud...@mit.edu]
Sent: Friday, December 19, 2014 11:24 AM
To: Xie, Hugh; kerberos@mit.edu
Subject: Re: Wrong principal in request error on gss_accept_sec_context()
On 12/18/2014 02:02 PM, Xie, Hugh wrote:
I am getting Wrong principal in request error
]
Sent: Friday, December 19, 2014 12:11 PM
To: Xie, Hugh; kerberos@mit.edu
Subject: Re: Wrong principal in request error on gss_accept_sec_context()
When you try to connect to the non-working server on the client, what service
ticket appears in the cache as reported by klist? How does this compare
@ COMMON.BANKOFAMERICA.COM
-Original Message-
From: kerberos-boun...@mit.edu [mailto:kerberos-boun...@mit.edu] On Behalf Of
Xie, Hugh
Sent: Friday, December 19, 2014 1:33 PM
To: Greg Hudson; kerberos@mit.edu
Subject: RE: Wrong principal in request error on gss_accept_sec_context()
We are using
Hi,
I am getting Wrong principal in request error on gss_accept_sec_context() on
one host but does not on another. I verified /etc/hosts, both host conform to
this format
# Default /etc/hosts file
127.0.0.1 localhost.localdomain localhost
123.150.123.123 myhost.bankdomain.com myhost
?
-Original Message-
From: kerberos-boun...@mit.edu [mailto:kerberos-boun...@mit.edu] On Behalf Of
Xie, Hugh
Sent: Thursday, October 23, 2014 11:39 AM
To: kerberos@mit.edu
Subject: gss_init_sec_context with delegated_cred_handle error
Hi,
When I pass GSS_C_NO_CREDENTIAL as cred_handle
Thanks. Setting KRB5_CLIENT_KTNAME and setting KRB5CCNAME to a none default
location resolve the issue.
-Original Message-
From: Greg Hudson [mailto:ghud...@mit.edu]
Sent: Monday, October 27, 2014 11:21 AM
To: Xie, Hugh; kerberos@mit.edu
Subject: Re: gss_init_sec_context
Hi,
When I pass GSS_C_NO_CREDENTIAL as cred_handle to gss_init_sec_context(), I got
no error. But when I pass delegated_cred_handle (output from
gss_accept_sec_context) as cred_handle to gss_init_sec_context(), I got
'Matching credential not found' error. It seems that when passing
The mailing server mess up the string of the principal into email
Here is uppercase principal USERID @ MY.DOMAIN.COM and the lower case
principal is userid @ my.domain.com
From: Xie, Hugh
Sent: Thursday, October 23, 2014 11:39 AM
To: kerberos@mit.edu
Subject: gss_init_sec_context
Perhaps this is a bug. Gss_init_sec_context did return GSS_S_COMPLETE for me.
-Original Message-
From: Greg Hudson [ghud...@mit.edumailto:ghud...@mit.edu]
Sent: Wednesday, October 08, 2014 11:10 PM Eastern Standard Time
To: Xie, Hugh; Kerberos@mit.edu
Subject: Re: Not getting delegation
1,3,2,4 or 1,3,4,2, then the error disappear.
-Original Message-
From: Greg Hudson [mailto:ghud...@mit.edu]
Sent: Thursday, October 09, 2014 12:45 PM
To: Xie, Hugh; 'Kerberos@mit.edu'
Subject: Re: Not getting delegation credential from gss_accept_sec_context()
On 10/09/2014 07:12 AM, Xie
Correction. #3 is gss_release_buffer on output_token.
-Original Message-
From: kerberos-boun...@mit.edu [mailto:kerberos-boun...@mit.edu] On Behalf Of
Xie, Hugh
Sent: Thursday, October 09, 2014 1:45 PM
To: Greg Hudson; 'Kerberos@mit.edu'
Subject: RE: Not getting delegation credential
in authenticate_gss_server_init (service=0x4016a7
HTTP, state=0x607010) at server_init.c:264
#8 0x00401544 in main () at server_init.c:299
-Original Message-
From: kerberos-boun...@mit.edu [mailto:kerberos-boun...@mit.edu] On Behalf Of
Xie, Hugh
Sent: Monday, October 06, 2014 4:50 PM
Switched to 1.12 resolved this issue. Thanks.
-Original Message-
From: kerberos-boun...@mit.edu [mailto:kerberos-boun...@mit.edu] On Behalf Of
Xie, Hugh
Sent: Wednesday, October 08, 2014 10:30 AM
To: Kerberos@mit.edu; Greg Hudson
Subject: RE: Not getting delegation credential from
[mailto:kerberos-boun...@mit.edu] On Behalf Of
Xie, Hugh
Sent: Wednesday, October 08, 2014 1:29 PM
To: Kerberos@mit.edu; Greg Hudson
Subject: RE: Not getting delegation credential from gss_accept_sec_context()
Switched to 1.12 resolved this issue. Thanks.
-Original Message-
From: kerberos-boun
, Hugh; Kerberos@mit.edu
Subject: Re: Not getting delegation credential from gss_accept_sec_context()
On 10/08/2014 03:41 PM, Xie, Hugh wrote:
After switching version 1.12.2, as a follow up question to the next step of
S4U2Proxy.
I passed the delegated_cred_handle from *gss_accept_sec_context
...@mit.edu [mailto:kerberos-boun...@mit.edu] On Behalf Of
Xie, Hugh
Sent: Wednesday, October 08, 2014 5:23 PM
To: Greg Hudson; Kerberos@mit.edu
Subject: RE: Not getting delegation credential from gss_accept_sec_context()
That was what I did. Both context_handle for *gss_accept_sec_context
Hi,
I am having trouble with S4U2Proxy. Looking into *accept_sec_context.c*, it has
:
* if (delegated_cred_handle != NULL
deleg_cred == NULL /* no unconstrained delegation */
cred-usage == GSS_C_BOTH
(ticket-enc_part2-flags TKT_FLG_FORWARDABLE)) {
/*
24 matches
Mail list logo