Re: [Perlgssapi-users] gss_nt_service_name
Brought to you by:
achimgrolms
Menu
▾
▴
Re: [Perlgssapi-users] gss_nt_service_name
|
From: Massimiliano M. <mas...@ce...> - 2006-09-25 08:30:25
|
Hi,
Finally, removing the flag, I'm able to use the serviceprincipal
ipmi/IT...@CE.... But I got a new error, and I think that is a
GSSAPI problem. Let me reminder a little bit my app:
I'm developing a soap service. From the client (mitkerberos) I
call two procedure (one for making mutual auth, and the other
for doing the right operation, so two soap messages).
I first call the procedure1(), i make an accept() on it,
and I got the serviceticket back. After, I encapsulate the serviceticket
in the soap message and I call the procedure2, where I make another
accept(). If the server is Heimdal on debian, everything goes
well. But if the server is Mit on RHEL, I got this error:
soap:Server, Security error: in retr_pass(): unable to accept security context MAJOR::Miscellaneous failure
MINOR::Request is a replay
(in cleanup) oid has no value at /usr/lib/perl5/site_perl/5.8.5/SOAP/Lite.pm line 2557.
returning from procedure2(). So, the first accept() in procedure1 goes ok,
I receive the serviceticket as:
mascanc@pcitadc05 ~/IPMIDEV/rpm/IPMItoolsuite-client-0.9.0/client $ klist
Ticket cache: FILE:/tmp/krb5cc_1001_I9DWU5
Default principal: ma...@CE...
Valid starting Expires Service principal
09/25/06 10:05:06 09/26/06 10:05:05 krbtgt/CE...@CE...
09/25/06 10:05:09 09/26/06 10:05:05 af...@CE...
09/25/06 10:29:11 09/26/06 10:05:05 ipmi/IT...@CE...
Kerberos 4 ticket cache: /tmp/tkt1001
klist: You have no tickets cached
but the second call to accept() in procedure2() returns error.
Have you any ideas?
Thanks!
--
Massimiliano Masi
http://www.comunidelchianti.it/~max
|
