Re: [Perlgssapi-users] gss_nt_service_name

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Hi, 

On Thursday 21 September 2006, alle 19:11, Achim Grolms wrote:
> Whats the hostname part of
> 
> ipmi/IT...@CE....
> 

I've asked to the people that creates this principal for me. 
There are no hostname part. The name of the principal is
simply "ipmi/IT-CC" at the realm "CERN.CH"

> Use kvno to check if you can get tickets for your new servicename.
> use kinit command to use the keytab for authentication
> (As a test that keytab works fine)

Yes, the keytab works fine, I'm able to get tokens:

[root@lxdev23 root]# /usr/sue/bin/kdestroy
[root@lxdev23 root]# /usr/sue/bin/klist
klist: No ticket file: /tmp/krb5cc_0_22474

   V4-ticket file: /tmp/tkt0_22472
klist: No ticket file (tf_util)
[root@lxdev23 root]# /usr/sue/bin/kinit -k --keytab=/etc/ipmi.keytab ipmi/IT-CC
kinit: NOTICE: ticket renewable lifetime is 1 week
[root@lxdev23 root]# klist
-bash: klist: command not found
[root@lxdev23 root]# /usr/sue/bin/klist
Credentials cache: FILE:/tmp/krb5cc_0_22474
        Principal: ipmi/IT...@CE...

  Issued           Expires          Principal
Sep 22 09:07:02  Sep 23 09:07:02  krbtgt/CE...@CE...
Sep 22 09:07:02  Sep 23 09:07:02  af...@CE...

   V4-ticket file: /tmp/tkt0_22472
        Principal: ipm...@CE...

  Issued           Expires          Principal
Sep 22 09:07:02  Sep 23 10:33:23  krb...@CE...

But the error is the same:

root@pcitadc05:~/.cpan/build/GSSAPI-0.23/examples# ./gss-client.pl -hostname lxdev23.cern.ch -prodid ipmi/IT-CC -port 10000 -mutual
./gss-client.pl: using [ipmi/IT...@lx...:10000]
CLIENT::principal [ipmi/IT-CC] means going to communicate with server name [ipmi/IT-CC]
Use of uninitialized value in subroutine entry at ./gss-client.pl line 88.
CLIENT::gss_init_sec_context success
CLIENT::going to identify client to server
CLIENT::have token to send ...
CLIENT::GSS token length is 511
CLIENT::sent token to server
CLIENT::Mutual auth requested ...
CLIENT::server did not send needed continue token back
root@pcitadc05:~/.cpan/build/GSSAPI-0.23/examples# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: ma...@CE...

Valid starting     Expires            Service principal
09/22/06 09:10:50  09/23/06 09:10:50  krbtgt/CE...@CE...
09/22/06 09:10:53  09/23/06 09:10:50  ipmi/IT...@CE...

Look, I'm able to receive the serviceticket for ipmi/IT-CC, but 

Where the server replies:

SERVER::waiting for request ...
SERVER::accepted connection from client ...
SERVER::received token (length is 511):
Unable to accept security context:
  MAJOR::Miscellaneous failure
  MINOR::No principal in keytab matches desired name
Argument "\0\0\0\0" isn't numeric in null operation at ./gss-server.pl line 81, <GEN2> line 1.
        (in cleanup) oid has no value at ./gss-server.pl line 81, <GEN2> line 1.
SERVER::exiting after error

-- 
Massimiliano Masi

http://www.comunidelchianti.it/~max