[27965] in Kerberos
RE: Kerberos5 with sap and linux
daemon@ATHENA.MIT.EDU (Barbat, Calin)
Wed Jun 20 03:33:57 2007
Date: Wed, 20 Jun 2007 09:33:21 +0200
Message-ID: <57069FBE369FC44ABD962AA025FBEF67015C446C@EXC-MCHVS01.mch.osram.de>
In-Reply-To: <OF3A08ABAF.3D640B61-ONC12572FF.0045A5FA-C12572FF.0046B40A@gebr-heinemann.de>
From: "Barbat, Calin" <c.barbat@osram.de>
To: <T_Kast@gebr-heinemann.de>, <kerberos@mit.edu>
Dear Thomas,
Are you using MIT Kerberos or Heimdal Kerberos? Many Linux distributions package Heimdal, which is not as good as MIT...
Mit freundlichem Gruß / Kind regards / Cordialement
Calin Barbat
-----Original Message-----
From: kerberos-bounces@mit.edu [mailto:kerberos-bounces@mit.edu] On Behalf Of T_Kast@gebr-heinemann.de
Sent: Tuesday, June 19, 2007 2:52 PM
To: kerberos@mit.edu
Subject: Kerberos5 with sap and linux
Dear Kerberos experts,
I followed a description from c.barbat that I found on the MIT Kerberos list to validate Kerberos.
My environment is:
RH REL Red Hat 3.4.6-2 64-bit with
Kerberos krb5-libs-1.3.4-27 (Standard from RH)
SAP WEB AS Version 6.40
What I did:
* I generated the snckrb5.so as described
* I got a keytab file from the Windows guys
* I compiled the gsstest utility from SAP SDN
* I did a kinit for the sap<sid> user
* Before starting with the SAP stuff, I tried gsstest, which already fails with the following errors:
"SAPService/gh.de@GH.DE"
Nametype oid = {1 2 840 113554 1 2 2 1} NT= GSS_KRB5_NT_PRINCIPAL_NAME
TEST: Examining the exported name framing
Framing details for exported name (Section 3.2, GSS-API v2 spec):
TOK_ID : 00000: 04 01
MECH_OID_LEN = 11 : 00002: 00 0b
OID tag : 00004: 06
OID len = 9 : 00005: 09
OID elements : 00006: 2a 86 48 86 f7 12 01 02 02
= {1 2 840 113554 1 2 2} MECH= Kerberos 5 (v2 - rfc1964)
NAME_LEN = 22 : 0000f: 00 00 00 16
NAME : 00013: 53 41 50 53 65 72 76 69 SAPServi
0001b: 63 65 2f 67 68 2e 64 65 ce/gh.de
00023: 40 47 48 2e 44 45 @GH.DE
Status: gss_release_name() == (GSS_S_CALL_INACCESSIBLE_READ|GSS_S_BAD_NAME)
gss_display_status(0x01020000,GSS_S_GSS_CODE) =
"A required input parameter could not be read"
"An invalid name was supplied"
names.c(251): ERROR: (gss_name_t)out_name was not zeroed by gss_release_name()!
RESULT NOT ok (rc=2)
Can anyone provide me a snckrb5.so file for my platform, or better, give me some hints as to what went wrong?
thanks
Thomas
-------
Gebr. Heinemann Kommanditgesellschaft - Hamburg - Registergericht Hamburg - HR A 15017
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
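
The exported-name framing that gsstest prints in the quoted output (TOK_ID, MECH_OID_LEN, DER OID, NAME_LEN, NAME) can be validated without any GSS-API library. The following is an added example, not part of the thread or of gsstest: the function names are hypothetical, only short-form DER lengths are accepted, and the sample token is rebuilt from the hex dump in the post.

```python
import struct

TOK_ID = b"\x04\x01"  # exported-name token id, RFC 2743 section 3.2


def decode_oid(body: bytes) -> str:
    """Decode the content octets of a DER OBJECT IDENTIFIER to dotted form."""
    if not body or body[-1] & 0x80:
        raise ValueError("truncated OID")
    subids, value = [], 0
    for octet in body:
        value = (value << 7) | (octet & 0x7F)
        if not octet & 0x80:          # high bit clear ends a sub-identifier
            subids.append(value)
            value = 0
    first = min(subids[0] // 40, 2)   # first two arcs share one sub-identifier
    arcs = [first, subids[0] - 40 * first] + subids[1:]
    return ".".join(map(str, arcs))


def parse_exported_name(token: bytes):
    """Return (mechanism OID, name bytes); raise ValueError on bad framing."""
    if token[:2] != TOK_ID:
        raise ValueError("bad TOK_ID")
    if len(token) < 4:
        raise ValueError("truncated MECH_OID_LEN")
    (oid_len,) = struct.unpack(">H", token[2:4])
    der = token[4:4 + oid_len]
    if len(der) != oid_len or oid_len < 2:
        raise ValueError("truncated MECH_OID")
    if der[0] != 0x06:
        raise ValueError("MECH_OID is not a DER OBJECT IDENTIFIER")
    if der[1] & 0x80 or der[1] != oid_len - 2:   # short-form lengths only
        raise ValueError("OID length disagrees with MECH_OID_LEN")
    pos = 4 + oid_len
    if len(token) < pos + 4:
        raise ValueError("truncated NAME_LEN")
    (name_len,) = struct.unpack(">I", token[pos:pos + 4])
    name = token[pos + 4:]
    if len(name) != name_len:
        raise ValueError("NAME_LEN disagrees with token size")
    return decode_oid(der[2:]), name


# Token rebuilt from the hex dump in the gsstest output quoted above.
SAMPLE = (bytes.fromhex("0401000b06092a864886f71201020200000016")
          + b"SAPService/gh.de@GH.DE")

if __name__ == "__main__":
    print(parse_exported_name(SAMPLE))
```

The token from the dump parses cleanly here, with the mechanism OID and the 22-byte name that the tool prints before it reports the gss_release_name() status.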