Re: [Perlgssapi-users] context init without exising cache
Brought to you by:
achimgrolms
From: Stijn De W. <sti...@ug...> - 2016-10-11 06:16:42
|
hi achim, > just to be sure: The output from both commands with the same kerberos-config? > Only the versions of Kerberos-libraries differ? the only difference on el7 is the "default_ccache_name = KEYRING:persistent:%{uid}" entry in libdefaults. (but on el7, when i set KRB5CCNAME to DIR:/something of FILE:, it also works) > > In both cases you have run sucessfully the kinit before and have a valid TGT? kinit -kt /etc/krb5.keytab works, but i'm trying to get the context without a valid TGT present (ie an empty cache). so the output is produced without a valid TGT present. stijn > > Best Regards, > Achim > > > > On Monday 10 October 2016, Stijn De Weirdt wrote: >> hi all, >> >> following the example code in >> http://search.cpan.org/~agrolms/GSSAPI-0.23/GSSAPI.pm >> i manage to create and list the credentials on a system were no cache >> existed before on centos7 (perl-5.16.3-286.el7.x86_64 >> krb5-libs-1.13.2-12.el7_2.x86_64 perl-GSSAPI-0.28-9.el7.x86_64) >> >> running with KRB5_TRACE=/dev/stdout, i get >> >>> using Name host/fqdn@REALM >>> Security context's time to live 74391 secs >>> seems everything is fine, type klist to see the ticket >>> >>> [5408] 1476125005.968256: Getting credentials host/fqdn@REALM -> >>> host/fqdn@REALM using ccache DIR::/tmp/x1/tktgfp8aQ [5408] >>> 1476125005.968489: Retrieving host/fqdn@REALM -> host/fqdn@REALM from >>> DIR::/tmp/x1/tktgfp8aQ with result: 0/Success [5408] 1476125005.968609: >>> Creating authenticator for host/fqdn@REALM -> host/fqdn@REALM, seqnum >>> 252462246, subkey aes256-cts/CBEE, session key aes256-cts/BB8B >> >> and afterwards klist shows expected >> >> (fqdn and REALM are replaced) >> >> >> however on EL6 system (perl-5.10.1-141.el6_7.1.x86_64 >> krb5-libs-1.10.3-57.el6.x86_64 perl-GSSAPI-0.26-6.el6.x86_64), >> i get >> >>> [8576] 1476125499.295546: ccselect can't find appropriate cache for >>> server principal host/fqdn@REALM >>> >>> using Name host/fqdn@REALM >>> >>> Errors: Unspecified GSS failure. Minor code may provide more information >>> Credentials cache file '/tmp/krb5cc_0' not found >>> major 851968 minor 2529639107 >> >> my question is: what GSSAPI and/or krb5 version is required to be able >> to create a credential cache where non-existed before? >> >> or can someone shed some light on the error above? >> >> many thanks, >> >> stijn >> >> --------------------------------------------------------------------------- >> --- Check out the vibrant tech community on one of the world's most >> engaging tech sites, SlashDot.org! http://sdm.link/slashdot >> _______________________________________________ >> Perlgssapi-users mailing list >> Per...@li... >> https://lists.sourceforge.net/lists/listinfo/perlgssapi-users > |