Thread: [Perlgssapi-users] Little bit confused ...
From: Massimiliano M. <mas...@ce...> - 2006-08-30 15:31:58

Hello,

I'm trying to develop something with perl GSSAPI. I have two test machines, pcitadc05.cern.ch (where I'm testing the clients) and higgs.massicern.ch, the kdc. In the kdc, with heimdal, I've created the server ipmi/hig...@MA...

With the getcred example, everything seems to work:

higgs:~/.cpan/build/GSSAPI-0.23/examples# klist
klist: No ticket file: /tmp/krb5cc_0
V4-ticket file: /tmp/tkt0
klist: No ticket file (tf_util)
higgs:~/.cpan/build/GSSAPI-0.23/examples# ./getcred_hostbased.pl ipmi
using Name ipmi/hig...@MA...
Errors: Miscellaneous failure (see text)
open(/tmp/krb5cc_0): No such file or directory
higgs:~/.cpan/build/GSSAPI-0.23/examples# kinit max
ma...@MA...'s Password:
higgs:~/.cpan/build/GSSAPI-0.23/examples# ./getcred_hostbased.pl ipmi
using Name ipmi/hig...@MA...
Security context's time to live 35998 secs
seems everything is fine, type klist to see the ticket
higgs:~/.cpan/build/GSSAPI-0.23/examples# klist
Credentials cache: FILE:/tmp/krb5cc_0
Principal: ma...@MA...

Issued Expires Principal
Aug 30 16:14:26 Aug 31 02:14:26 krbtgt/MAS...@MA...
Aug 30 16:14:28 Aug 31 02:14:26 ipmi/hig...@MA...

V4-ticket file: /tmp/tkt0
klist: No ticket file (tf_util)

Then, I run the server:

higgs:~/.cpan/build/GSSAPI-0.23/examples# ./gss-server.pl ip...@hi... -port 10000 -hostname higgs.massicern.ch -keytabfile=/etc/krb5.keytab
./gss-server.pl: using [higgs.massicern.ch:10000]
SERVER set environment variable KRB5_KTNAME to FILE:/etc/krb5.keytab
Listening on port 10000 ...
SERVER::waiting for request ...

and then the client:

mascanc@pcitadc05 ~/Desktop/GSSAPI-0.23/examples $ ./gss-client.pl -hostname higgs.massicern.ch -prodid ipmi/higgs.massicern.ch
./gss-client.pl: -port not specified, defaulting to 10000
./gss-client.pl: using [ipmi/hig...@hi...:10000]
CLIENT::principal [ipmi/hig...@hi...] means going to communicate with server name [ipmi/hig...@hi...]
Use of uninitialized value in subroutine entry at ./gss-client.pl line 88.
CLIENT::Unable to initialize security context:
MAJOR::Unspecified GSS failure. Minor code may provide more information
MINOR::Server not found in Kerberos database

And the server says:

SERVER::waiting for request ...
SERVER::accepted connection from client ...
Use of uninitialized value in subroutine entry at ./gss-server.pl line 78.
SERVER::received token (length is 0):
SERVER::waiting for request ...

Have you any idea???

Thank you for your work!!!

Bye

--
Massimiliano Masi
http://www.comunidelchianti.it/~max

From: Achim G. <ac...@gr...> - 2006-08-30 16:06:46

On Wednesday 30 August 2006 17:31, Massimiliano Masi wrote:

> MINOR::Server not found in Kerberos database

I think -prodid ipmi/higgs.massicern.ch is wrong, use -prodid ipmi instead.

Achim

From: Massimiliano M. <mas...@ce...> - 2006-08-31 07:17:29

On Wednesday 30 August 2006, at 18:06, Achim Grolms wrote:

> I think -prodid ipmi/higgs.massicern.ch is wrong, use -prodid ipmi instead.

Thanks a lot for your answer. But it still doesn't work... Using ipmi as prodid (BTW, what's the meaning of prodid?) I got something new:

mascanc@pcitadc05 ~/Desktop/GSSAPI-0.23/examples $ ./gss-client.pl -hostname higgs.massicern.ch -prodid ipmi -port 10000
./gss-client.pl: using [ip...@hi...:10000]
CLIENT::principal [ip...@hi...] means going to communicate with server name [ip...@hi...]
Use of uninitialized value in subroutine entry at ./gss-client.pl line 88.
CLIENT::gss_init_sec_context success
CLIENT::going to identify client to server
CLIENT::have token to send ...
CLIENT::GSS token length is 538
CLIENT::sent token to server
Segmentation fault

And on the server side:

SERVER::waiting for request ...
SERVER::accepted connection from client ...
SERVER::received token (length is 538):
SERVER::authenticated client name is ma...@MA...
Argument "^XQ,@" isn't numeric in null operation at ./gss-server.pl line 81, <GEN15> line 1.
(in cleanup) oid has no value at ./gss-server.pl line 81, <GEN15> line 1.
SERVER::waiting for request ...

Have you any idea???

Many, many thanks!

--
Massimiliano Masi
http://www.comunidelchianti.it/~max

From: Achim G. <ac...@gr...> - 2006-08-31 17:50:04

On Thursday 31 August 2006 09:17, Massimiliano Masi wrote:

I can see two problems.

1. The Segmentation fault from your client script.
   I cannot reproduce it on my side.

2. The "Argument "^XQ,@" isn't numeric in null operation at ./gss-server.pl line 81, <GEN15> line 1."
   messages on the server side.

I've made adjustments to gss-client.pl and gss-server.pl. I've committed them to the Subversion repository

https://svn.sourceforge.net/svnroot/perlgssapi/GSSAPI/trunk

Please check what results you get by using the modified version.

I don't know what the meaning of the word 'prodid' is, but the parameter is used as the servicename part of the GSSAPI name, as described in
<http://www.iana.org/assignments/gssapi-service-names>

I think "servicename" is a better label than "prodid".
Do you agree?

Thank you,
Achim

From: Massimiliano M. <mas...@ce...> - 2006-09-01 07:40:50

Hello,

On Thursday 31 August 2006, at 19:49, Achim Grolms wrote:

> I can see two problems.
>
> 1. The Segmentation fault from your client script.
> I can not reproduce it on my side.

If you need it, I can give you access to the server and client machines. This is not a problem. We can investigate together.

> 2. the "Argument "^XQ,@" isn't numeric in null operation at ./gss-server.pl
> line 81, <GEN15> line 1."
> messages on serverside.

Yes. With your updated version, the server remains alive, without any problems. The problems still persist on the client side. I still get the SIGSEGV. Stracing a little bit, I see a problem here:

stat64("/usr/local/etc/krb5.conf", 0xbff5a32c) = -1 ENOENT (No such file or directory)
open("/dev/urandom", O_RDONLY) = 4
fstat64(4, {st_mode=S_IFCHR|0666, st_rdev=makedev(1, 9), ...}) = 0
read(4, "\235\fn\35\252%+62L\"$\231P-3\246\251?>", 20) = 20
close(4) = 0
gettimeofday({1157096241, 408163}, NULL) = 0
time(NULL) = 1157096241
time(NULL) = 1157096241
time(NULL) = 1157096241
time(NULL) = 1157096241
time(NULL) = 1157096241
time(NULL) = 1157096241
time(NULL) = 1157096241
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
+++ killed by SIGSEGV +++

Just at the exit of the $status = GSSAPI::Context::init().

> I don't know what's the meaning of the word 'prodid', but the parameter is
> used as the servicename-part of the GSSAPI name, as described in
> <http://www.iana.org/assignments/gssapi-service-names>
> I think "servicename" is the better label than "prodid".
> Do you agree?

Yes !!! :)

>
> Thank you,
> Achim

By the way, are you German? :) If so, and if you live in Germany, we are close! :)

--
Massimiliano Masi
http://www.comunidelchianti.it/~max

From: Achim G. <ac...@gr...> - 2006-09-01 16:16:24

On Friday 01 September 2006 09:40, Massimiliano Masi wrote:

> Yes. With your updated version, the server remains alive, without
> any problems. The problems still persist on the client side.

Send me the output of

krb5-config --version
perl -v
uname -a

Do you use a self-installed version of Kerberos?
(Why don't you use the Kerberos of your OS distribution?)

> By the way, are you german? :)

Yes.

> If so, and if you live in germany, we are close! :)

I live in Germany.
<http://paderborn.pm.org/>
Why are we close?

Achim

From: Massimiliano M. <mas...@ce...> - 2006-09-04 06:51:37

Hi,

On Friday 01 September 2006, at 18:16, Achim Grolms wrote:

> send me the output of
>
> krb5-config --version
> perl -v
> uname -a

Yes, this is the output:

CLIENT SIDE:

root@pcitadc05:~# krb5-config --version
Kerberos 5 release 1.5
root@pcitadc05:~# perl -v

This is perl, v5.8.7 built for i486-linux-gnu-thread-multi
(with 1 registered patch, see perl -V for more detail)

Copyright 1987-2005, Larry Wall

Perl may be copied only under the terms of either the Artistic License or the
GNU General Public License, which may be found in the Perl 5 source kit.

Complete documentation for Perl, including FAQ lists, should be found on
this system using `man perl' or `perldoc perl'. If you have access to the
Internet, point your browser at http://www.perl.org/, the Perl Home Page.

root@pcitadc05:~# uname -a
Linux pcitadc05 2.6.15-26-server #1 SMP Thu Aug 3 04:09:15 UTC 2006 i686 GNU/Linux
root@pcitadc05:~#

SERVER SIDE:

higgs:~# krb5-config --version
heimdal 0.7.2
$Id: krb5-config.in,v 1.10.2.1 2006/02/03 15:01:28 lha Exp $
higgs:~# perl -v

This is perl, v5.8.4 built for i386-linux-thread-multi

Copyright 1987-2004, Larry Wall

Perl may be copied only under the terms of either the Artistic License or the
GNU General Public License, which may be found in the Perl 5 source kit.

Complete documentation for Perl, including FAQ lists, should be found on
this system using `man perl' or `perldoc perl'. If you have access to the
Internet, point your browser at http://www.perl.com/, the Perl Home Page.

higgs:~# uname -a
Linux higgs 2.6.8-2-386 #1 Tue Aug 16 12:46:35 UTC 2005 i686 GNU/Linux

> Do you use a self-installed version of Kerberos?

On the client side, I'm using the Kerberos distribution of UBUNTU, and on the server, I've compiled heimdal, to maintain version compatibility with the heimdal installed at CERN.

> > If so, and if you live in germany, we are close! :)
>
> I live in Germany.
> <http://paderborn.pm.org/>
> Why are we close?

Because I'm in Switzerland, in Geneva! :-)

Best,

--
Massimiliano Masi
http://www.comunidelchianti.it/~max