Re: [Perlgssapi-users] context init without existing cache
From: Stijn De W. <sti...@ug...> - 2016-10-11 06:16:42
hi achim,
> just to be sure: The output from both commands with the same kerberos-config?
> Only the versions of Kerberos-libraries differ?
the only difference on el7 is the
"default_ccache_name = KEYRING:persistent:%{uid}" entry in libdefaults.
(but on el7, when i set KRB5CCNAME to DIR:/something or FILE:, it also
works)
>
> In both cases you have run successfully the kinit before and have a valid TGT?
kinit -kt /etc/krb5.keytab works, but i'm trying to get the context
without a valid TGT present (i.e. an empty cache). so the output is
produced without a valid TGT present.
stijn
>
> Best Regards,
> Achim
>
>
>
> On Monday 10 October 2016, Stijn De Weirdt wrote:
>> hi all,
>>
>> following the example code in
>> http://search.cpan.org/~agrolms/GSSAPI-0.23/GSSAPI.pm
>> i manage to create and list the credentials on a system where no cache
>> existed before on centos7 (perl-5.16.3-286.el7.x86_64
>> krb5-libs-1.13.2-12.el7_2.x86_64 perl-GSSAPI-0.28-9.el7.x86_64)
>>
>> running with KRB5_TRACE=/dev/stdout, i get
>>
>>> using Name host/fqdn@REALM
>>> Security context's time to live 74391 secs
>>> seems everything is fine, type klist to see the ticket
>>>
>>> [5408] 1476125005.968256: Getting credentials host/fqdn@REALM -> host/fqdn@REALM using ccache DIR::/tmp/x1/tktgfp8aQ
>>> [5408] 1476125005.968489: Retrieving host/fqdn@REALM -> host/fqdn@REALM from DIR::/tmp/x1/tktgfp8aQ with result: 0/Success
>>> [5408] 1476125005.968609: Creating authenticator for host/fqdn@REALM -> host/fqdn@REALM, seqnum 252462246, subkey aes256-cts/CBEE, session key aes256-cts/BB8B
>>
>> and afterwards klist shows expected
>>
>> (fqdn and REALM are replaced)
>>
>>
>> however on EL6 system (perl-5.10.1-141.el6_7.1.x86_64
>> krb5-libs-1.10.3-57.el6.x86_64 perl-GSSAPI-0.26-6.el6.x86_64),
>> i get
>>
>>> [8576] 1476125499.295546: ccselect can't find appropriate cache for server principal host/fqdn@REALM
>>>
>>> using Name host/fqdn@REALM
>>>
>>> Errors: Unspecified GSS failure. Minor code may provide more information
>>> Credentials cache file '/tmp/krb5cc_0' not found
>>> major 851968 minor 2529639107
>>
>> my question is: what GSSAPI and/or krb5 version is required to be able
>> to create a credential cache where none existed before?
>>
>> or can someone shed some light on the error above?
>>
>> many thanks,
>>
>> stijn
>>
>
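
The `major 851968 minor 2529639107` pair in the EL6 output quoted above can be split into its GSS-API fields. The script below is an added example, not code from either poster or from the GSSAPI module. It assumes the minor code comes from the MIT krb5 com_err table, and its name lookup covers only the one code seen in this thread.

```perl
#!/usr/bin/perl
# Added example: decode a GSS-API major/minor status pair into its fields.
use strict;
use warnings;

# Major status layout per RFC 2744: calling error in bits 24-31,
# routine error in bits 16-23, supplementary flags in bits 0-15.
my @CALLING = qw(none GSS_S_CALL_INACCESSIBLE_READ
                 GSS_S_CALL_INACCESSIBLE_WRITE GSS_S_CALL_BAD_STRUCTURE);
my @ROUTINE = qw(none GSS_S_BAD_MECH GSS_S_BAD_NAME GSS_S_BAD_NAMETYPE
                 GSS_S_BAD_BINDINGS GSS_S_BAD_STATUS GSS_S_BAD_SIG GSS_S_NO_CRED
                 GSS_S_NO_CONTEXT GSS_S_DEFECTIVE_TOKEN GSS_S_DEFECTIVE_CREDENTIAL
                 GSS_S_CREDENTIALS_EXPIRED GSS_S_CONTEXT_EXPIRED GSS_S_FAILURE
                 GSS_S_BAD_QOP GSS_S_UNAUTHORIZED GSS_S_UNAVAILABLE
                 GSS_S_DUPLICATE_ELEMENT GSS_S_NAME_NOT_MN);
my @SUPP    = qw(GSS_S_CONTINUE_NEEDED GSS_S_DUPLICATE_TOKEN GSS_S_OLD_TOKEN
                 GSS_S_UNSEQ_TOKEN GSS_S_GAP_TOKEN);

# Assumption: MIT krb5 error table base (-1765328384) as unsigned 32-bit.
my $KRB5_BASE = 0x96C73A00;
my %KRB5_NAME = (195 => 'KRB5_FCC_NOFILE');   # only the code seen in this thread

sub decode_status {
    my ($major, $minor) = @_;
    my %d = (
        calling       => $CALLING[($major >> 24) & 0xFF] // 'unknown',
        routine       => $ROUTINE[($major >> 16) & 0xFF] // 'unknown',
        supplementary => [ map { $SUPP[$_] } grep { $major & (1 << $_) } 0 .. $#SUPP ],
        # Mechanism codes are negative 32-bit values printed as unsigned.
        minor_signed  => $minor >= 2**31 ? $minor - 2**32 : $minor,
    );
    if (($minor & 0xFFFFFF00) == $KRB5_BASE) {
        my $off = $minor & 0xFF;
        $d{krb5} = $KRB5_NAME{$off} // "krb5 table offset $off";
    }
    return \%d;
}

# Status line copied from the EL6 run quoted in the message above.
my $line = 'major 851968 minor 2529639107';
my ($major, $minor) = $line =~ /major\s+(\d+)\s+minor\s+(\d+)/
    or die "no status pair found\n";
my $d = decode_status($major, $minor);
printf "routine=%s calling=%s supplementary=[%s]\n",
    $d->{routine}, $d->{calling}, join(',', @{ $d->{supplementary} });
printf "minor=%d (signed %d) %s\n",
    $minor, $d->{minor_signed}, $d->{krb5} // 'not in the krb5 table';
```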