Re: [Perlgssapi-users] context init without exising cache
Brought to you by:
achimgrolms
From: Stijn De W. <sti...@ug...> - 2016-10-13 07:13:45
|
as a followup question, if getting the initial TGT is not part of (older?) perl-GSSAPI, does anyone have any idea why this works on el7? is it a change in the krb5 libs (and if so, does anyone have any idea which versions have this?) many thanks, stijn On 10/11/2016 08:16 AM, Stijn De Weirdt wrote: > hi achim, > >> just to be sure: The output from both commands with the same kerberos-config? >> Only the versions of Kerberos-libraries differ? > the only difference on el7 is the > "default_ccache_name = KEYRING:persistent:%{uid}" entry in libdefaults. > (but on el7, when i set KRB5CCNAME to DIR:/something of FILE:, it also > works) > >> >> In both cases you have run sucessfully the kinit before and have a valid TGT? > kinit -kt /etc/krb5.keytab works, but i'm trying to get the context > without a valid TGT present (ie an empty cache). so the output is > produced without a valid TGT present. > > > stijn > >> >> Best Regards, >> Achim >> >> >> >> On Monday 10 October 2016, Stijn De Weirdt wrote: >>> hi all, >>> >>> following the example code in >>> http://search.cpan.org/~agrolms/GSSAPI-0.23/GSSAPI.pm >>> i manage to create and list the credentials on a system were no cache >>> existed before on centos7 (perl-5.16.3-286.el7.x86_64 >>> krb5-libs-1.13.2-12.el7_2.x86_64 perl-GSSAPI-0.28-9.el7.x86_64) >>> >>> running with KRB5_TRACE=/dev/stdout, i get >>> >>>> using Name host/fqdn@REALM >>>> Security context's time to live 74391 secs >>>> seems everything is fine, type klist to see the ticket >>>> >>>> [5408] 1476125005.968256: Getting credentials host/fqdn@REALM -> >>>> host/fqdn@REALM using ccache DIR::/tmp/x1/tktgfp8aQ [5408] >>>> 1476125005.968489: Retrieving host/fqdn@REALM -> host/fqdn@REALM from >>>> DIR::/tmp/x1/tktgfp8aQ with result: 0/Success [5408] 1476125005.968609: >>>> Creating authenticator for host/fqdn@REALM -> host/fqdn@REALM, seqnum >>>> 252462246, subkey aes256-cts/CBEE, session key aes256-cts/BB8B >>> >>> and afterwards klist shows expected >>> >>> (fqdn and REALM are replaced) >>> >>> >>> however on EL6 system (perl-5.10.1-141.el6_7.1.x86_64 >>> krb5-libs-1.10.3-57.el6.x86_64 perl-GSSAPI-0.26-6.el6.x86_64), >>> i get >>> >>>> [8576] 1476125499.295546: ccselect can't find appropriate cache for >>>> server principal host/fqdn@REALM >>>> >>>> using Name host/fqdn@REALM >>>> >>>> Errors: Unspecified GSS failure. Minor code may provide more information >>>> Credentials cache file '/tmp/krb5cc_0' not found >>>> major 851968 minor 2529639107 >>> >>> my question is: what GSSAPI and/or krb5 version is required to be able >>> to create a credential cache where non-existed before? >>> >>> or can someone shed some light on the error above? >>> >>> many thanks, >>> >>> stijn >>> >>> --------------------------------------------------------------------------- >>> --- Check out the vibrant tech community on one of the world's most >>> engaging tech sites, SlashDot.org! http://sdm.link/slashdot >>> _______________________________________________ >>> Perlgssapi-users mailing list >>> Per...@li... >>> https://lists.sourceforge.net/lists/listinfo/perlgssapi-users >> > > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, SlashDot.org! http://sdm.link/slashdot > _______________________________________________ > Perlgssapi-users mailing list > Per...@li... > https://lists.sourceforge.net/lists/listinfo/perlgssapi-users > |