Re: [Perlgssapi-users] gss_nt_service_name
From: David L. <Dav...@qu...> - 2006-09-22 09:02:31
Try setting the environment variable KRB5_KTNAME=/etc/ipmi.keytab when you run your server.

Massimiliano Masi wrote:
> Hi,
>
> On Thursday 21 September 2006, at 19:11, Achim Grolms wrote:
>
>> What's the hostname part of
>>
>> ipmi/IT...@CE....
>>
>
> I've asked the people who create this principal for me.
> There is no hostname part. The name of the principal is
> simply "ipmi/IT-CC" at the realm "CERN.CH"
>
>> Use kvno to check if you can get tickets for your new service name.
>> Use the kinit command to use the keytab for authentication
>> (as a test that the keytab works fine)
>>
>
> Yes, the keytab works fine, I'm able to get tokens:
>
> [root@lxdev23 root]# /usr/sue/bin/kdestroy
> [root@lxdev23 root]# /usr/sue/bin/klist
> klist: No ticket file: /tmp/krb5cc_0_22474
>
> V4-ticket file: /tmp/tkt0_22472
> klist: No ticket file (tf_util)
> [root@lxdev23 root]# /usr/sue/bin/kinit -k --keytab=/etc/ipmi.keytab ipmi/IT-CC
> kinit: NOTICE: ticket renewable lifetime is 1 week
> [root@lxdev23 root]# klist
> -bash: klist: command not found
> [root@lxdev23 root]# /usr/sue/bin/klist
> Credentials cache: FILE:/tmp/krb5cc_0_22474
> Principal: ipmi/IT...@CE...
>
> Issued Expires Principal
> Sep 22 09:07:02 Sep 23 09:07:02 krbtgt/CE...@CE...
> Sep 22 09:07:02 Sep 23 09:07:02 af...@CE...
>
> V4-ticket file: /tmp/tkt0_22472
> Principal: ipm...@CE...
>
> Issued Expires Principal
> Sep 22 09:07:02 Sep 23 10:33:23 krb...@CE...
>
> But the error is the same:
>
> root@pcitadc05:~/.cpan/build/GSSAPI-0.23/examples# ./gss-client.pl -hostname lxdev23.cern.ch -prodid ipmi/IT-CC -port 10000 -mutual
> ./gss-client.pl: using [ipmi/IT...@lx...:10000]
> CLIENT::principal [ipmi/IT-CC] means going to communicate with server name [ipmi/IT-CC]
> Use of uninitialized value in subroutine entry at ./gss-client.pl line 88.
> CLIENT::gss_init_sec_context success
> CLIENT::going to identify client to server
> CLIENT::have token to send ...
> CLIENT::GSS token length is 511
> CLIENT::sent token to server
> CLIENT::Mutual auth requested ...
> CLIENT::server did not send needed continue token back
> root@pcitadc05:~/.cpan/build/GSSAPI-0.23/examples# klist
> Ticket cache: FILE:/tmp/krb5cc_0
> Default principal: ma...@CE...
>
> Valid starting Expires Service principal
> 09/22/06 09:10:50 09/23/06 09:10:50 krbtgt/CE...@CE...
> 09/22/06 09:10:53 09/23/06 09:10:50 ipmi/IT...@CE...
>
> Look, I'm able to receive the service ticket for ipmi/IT-CC, but
>
> Where the server replies:
>
> SERVER::waiting for request ...
> SERVER::accepted connection from client ...
> SERVER::received token (length is 511):
> Unable to accept security context:
> MAJOR::Miscellaneous failure
> MINOR::No principal in keytab matches desired name
> Argument "\0\0\0\0" isn't numeric in null operation at ./gss-server.pl line 81, <GEN2> line 1.
> (in cleanup) oid has no value at ./gss-server.pl line 81, <GEN2> line 1.
> SERVER::exiting after error
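
Added example, not part of the original message or of the GSSAPI module: a small Python check of which keytab file the server process would open and whether it contains the principal the client asked for, which is the condition behind "No principal in keytab matches desired name". It assumes the usual default of /etc/krb5.keytab when KRB5_KTNAME is unset and the version 0x0502 keytab file layout; the function names and the sample entry are constructed for illustration.

```python
import os
import struct

DEFAULT_KEYTAB = "/etc/krb5.keytab"  # assumed library default when KRB5_KTNAME is unset

def keytab_path(env=os.environ):
    """Keytab file the acceptor would open: KRB5_KTNAME if set, else the default."""
    name = env.get("KRB5_KTNAME", DEFAULT_KEYTAB)
    return name[5:] if name.startswith("FILE:") else name

def _principal(entry):
    (count,) = struct.unpack_from(">H", entry, 0)
    pos, parts = 2, []
    for _ in range(count + 1):  # realm first, then `count` name components
        (length,) = struct.unpack_from(">H", entry, pos)
        parts.append(entry[pos + 2:pos + 2 + length].decode())
        pos += 2 + length
    return "/".join(parts[1:]) + "@" + parts[0]

def keytab_principals(data):
    """Set of 'name@REALM' principals in a version 0x0502 keytab image."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    found, pos = set(), 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size == 0:  # zero-length record: end of entries
            break
        if size > 0:  # a negative size marks a deleted slot, skipped below
            found.add(_principal(data[pos:pos + size]))
        pos += abs(size)
    return found

def sample_entry(realm, components):
    """Constructed test data: one keytab entry carrying an all-zero dummy key."""
    def counted(s):
        return struct.pack(">H", len(s)) + s.encode()
    body = struct.pack(">H", len(components)) + counted(realm)
    body += b"".join(counted(c) for c in components)
    body += struct.pack(">IIBHH", 1, 0, 1, 23, 16) + bytes(16)  # type, time, kvno, key
    return struct.pack(">i", len(body)) + body

if __name__ == "__main__":
    kt = b"\x05\x02" + sample_entry("CERN.CH", ["ipmi", "IT-CC"])  # constructed image
    print(keytab_path(), sorted(keytab_principals(kt)))
```

To inspect a real file, pass the bytes of open(keytab_path(), "rb").read() to keytab_principals() from the same environment the server is started in.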