Hi all,

I have the KDC in windows 2003 server.kerberos client I am running at linux
machine. I have added on user in my AD as gssserver . same gssserver account
I am able to login from linux machine. I am getting TGT.But I am not able to
run gss-server sample application.

../gss-server test/linux.gxboss.com@GXBOSS.COM

GSS-API error acquiring credentials: Unspecified GSS failure. Minor code
may provide more information

GSS-API error acquiring credentials: No such file or directory

I wanted an environment like sspiclient (gssclient) in windows should
mutually authenticate linux gssserver using same windows KDC.

Can please help me

C:\Program Files\Resource Kit>SETSPN -A test/linux gssserver

Registering ServicePrincipalNames for CN=gssserver,CN=Users,DC=gxboss,DC=com


Updated object

C:\Program Files\Resource Kit>Setspn.exe -L gssserver

Registered ServicePrincipalNames for CN=gssserver,CN=Users,DC=gxboss,DC=com:






C:\ktpass>ktpass -out test.keytab -princ test/linux.gxboss.com@GXBOSS.COM
-pass infoseclab -crypto DES-CBC-CRC -ptype KRB5_NT_PRINCIPAL -kvno 9

Key created.

Output keytab to test.keytab:

Keytab version: 0x502

keysize 59 test/linux.gxboss.com@GXBOSS.COM ptype 1 (KRB5_NT_PRINCIPAL) vno
9 et

ype 0x1 (DES-CBC-CRC) keylength 8 (0xc4da9d4591a21c76)

I transferred this key tab file to Linux machine and merged with
/etc/krb5.keytab using ktutil

I am not able to execute gss-server.......... please give a solution , I am
struggling for this problem from so long time.

Thank you

Eswar S

************************************************** **************************

This e-mail and attachments contain confidential information from HUAWEI,
which is intended only for the person or entity whose address is listed
above. Any use of the information contained herein in any way (including,
but not limited to, total or partial disclosure, reproduction, or
dissemination) by persons other than the intended recipient's) is
prohibited. If you receive this e-mail in error, please notify the sender by
phone or email immediately and delete it!

Kerberos mailing list Kerberos@mit.edu