Re: [Perlgssapi-users] context init without existing cache
From: Stijn De W. <sti...@ug...> - 2016-10-13 07:13:45
as a followup question, if getting the initial TGT is not part of
(older?) perl-GSSAPI, does anyone have any idea why this works on el7?
is it a change in the krb5 libs (and if so, does anyone have any idea
which versions have this?)
many thanks,
stijn
On 10/11/2016 08:16 AM, Stijn De Weirdt wrote:
> hi achim,
>
>> just to be sure: The output from both commands with the same kerberos-config?
>> Only the versions of Kerberos-libraries differ?
> the only difference on el7 is the
> "default_ccache_name = KEYRING:persistent:%{uid}" entry in libdefaults.
> (but on el7, when i set KRB5CCNAME to DIR:/something or FILE:, it also
> works)
>
>>
>> In both cases you have run successfully the kinit before and have a valid TGT?
> kinit -kt /etc/krb5.keytab works, but i'm trying to get the context
> without a valid TGT present (ie an empty cache). so the output is
> produced without a valid TGT present.
>
>
> stijn
>
>>
>> Best Regards,
>> Achim
>>
>>
>>
>> On Monday 10 October 2016, Stijn De Weirdt wrote:
>>> hi all,
>>>
>>> following the example code in
>>> http://search.cpan.org/~agrolms/GSSAPI-0.23/GSSAPI.pm
>>> i manage to create and list the credentials on a system where no cache
>>> existed before on centos7 (perl-5.16.3-286.el7.x86_64
>>> krb5-libs-1.13.2-12.el7_2.x86_64 perl-GSSAPI-0.28-9.el7.x86_64)
>>>
>>> running with KRB5_TRACE=/dev/stdout, i get
>>>
>>>> using Name host/fqdn@REALM
>>>> Security context's time to live 74391 secs
>>>> seems everything is fine, type klist to see the ticket
>>>>
>>>> [5408] 1476125005.968256: Getting credentials host/fqdn@REALM ->
>>>> host/fqdn@REALM using ccache DIR::/tmp/x1/tktgfp8aQ
>>>> [5408] 1476125005.968489: Retrieving host/fqdn@REALM -> host/fqdn@REALM from
>>>> DIR::/tmp/x1/tktgfp8aQ with result: 0/Success
>>>> [5408] 1476125005.968609: Creating authenticator for host/fqdn@REALM ->
>>>> host/fqdn@REALM, seqnum 252462246, subkey aes256-cts/CBEE, session key
>>>> aes256-cts/BB8B
>>>
>>> and afterwards klist shows expected
>>>
>>> (fqdn and REALM are replaced)
>>>
>>>
>>> however on EL6 system (perl-5.10.1-141.el6_7.1.x86_64
>>> krb5-libs-1.10.3-57.el6.x86_64 perl-GSSAPI-0.26-6.el6.x86_64),
>>> i get
>>>
>>>> [8576] 1476125499.295546: ccselect can't find appropriate cache for
>>>> server principal host/fqdn@REALM
>>>>
>>>> using Name host/fqdn@REALM
>>>>
>>>> Errors: Unspecified GSS failure. Minor code may provide more information
>>>> Credentials cache file '/tmp/krb5cc_0' not found
>>>> major 851968 minor 2529639107
>>>
>>> my question is: what GSSAPI and/or krb5 version is required to be able
>>> to create a credential cache where none existed before?
>>>
>>> or can someone shed some light on the error above?
>>>
>>> many thanks,
>>>
>>> stijn
>>>
>>
>
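The status pair printed in the EL6 run quoted above (`major 851968 minor 2529639107`) can be decoded by hand. The following is an added example, not part of the original thread or of perl-GSSAPI: it splits the major status into its RFC 2744 fields and reinterprets the minor status as the signed MIT krb5 error code. The function names are this example's own, and the code tables are deliberately short.

```python
import re

# GSS-API major status layout (RFC 2744): calling error in bits 24-31,
# routine error in bits 16-23, supplementary flags in bits 0-15.
CALLING = {1: "GSS_S_CALL_INACCESSIBLE_READ",
           2: "GSS_S_CALL_INACCESSIBLE_WRITE",
           3: "GSS_S_CALL_BAD_STRUCTURE"}
ROUTINE = {7: "GSS_S_NO_CRED", 8: "GSS_S_NO_CONTEXT",
           10: "GSS_S_DEFECTIVE_CREDENTIAL", 11: "GSS_S_CREDENTIALS_EXPIRED",
           12: "GSS_S_CONTEXT_EXPIRED", 13: "GSS_S_FAILURE"}
SUPPLEMENTARY = {0: "GSS_S_CONTINUE_NEEDED", 1: "GSS_S_DUPLICATE_TOKEN",
                 2: "GSS_S_OLD_TOKEN", 3: "GSS_S_UNSEQ_TOKEN", 4: "GSS_S_GAP_TOKEN"}

# MIT krb5 minor codes are negative 32-bit com_err values; a caller that
# prints them unsigned (as in the output above) shows a large positive number.
KRB5_CODES = {-1765328189: "KRB5_FCC_NOFILE",          # ccache file not found
              -1765328243: "KRB5_CC_NOTFOUND",         # no matching credential
              -1765328352: "KRB5KRB_AP_ERR_TKT_EXPIRED"}

def decode_major(major):
    """Split a GSS major status into calling, routine and supplementary parts."""
    calling = (major >> 24) & 0xFF
    routine = (major >> 16) & 0xFF
    flags = [name for bit, name in SUPPLEMENTARY.items() if major & (1 << bit)]
    return {"calling": CALLING.get(calling) if calling else None,
            "routine": ROUTINE.get(routine, f"routine error {routine}") if routine else None,
            "supplementary": flags}

def decode_minor(minor):
    """Reinterpret an unsigned 32-bit minor status as a signed krb5 code."""
    signed = minor - (1 << 32) if minor >= (1 << 31) else minor
    return signed, KRB5_CODES.get(signed, "unknown (not in this short table)")

def parse_status_line(line):
    """Pull the 'major N minor M' pair out of a line and decode both values."""
    m = re.search(r"major\s+(\d+)\s+minor\s+(\d+)", line)
    if m is None:
        raise ValueError("no 'major N minor M' pair in line")
    return decode_major(int(m.group(1))), decode_minor(int(m.group(2)))

if __name__ == "__main__":
    # Status line as printed in the EL6 run quoted in the thread.
    major, minor = parse_status_line("major 851968 minor 2529639107")
    print(major)
    print(minor)
```

The major value carries only the generic `GSS_S_FAILURE` routine error; the minor value is the krb5 code behind the "Credentials cache file '/tmp/krb5cc_0' not found" text in the same output.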