[29227] in Kerberos
Interoperability between Linux KDC - Windows client
daemon@ATHENA.MIT.EDU (Priya Govindarajan)
Mon Feb 11 21:50:55 2008
To: kerberos@mit.edu
Message-ID: <OF2AF8F176.C500E305-ON872573ED.000E8433-882573ED.000E9E01@us.ibm.com>
From: Priya Govindarajan <govindap@us.ibm.com>
Date: Mon, 11 Feb 2008 18:40:22 -0800
Hi,

I have some questions on interoperability while kerberizing an application
to provide Single Sign On support. Currently the implementation uses GSSAPI
for Linux KDC/server on Linux/client on Linux and SSPI for Windows AD/
server on Windows/client on Windows.

I am trying the following interoperability case: Linux KDC, server
on Linux and client on Windows. MIT Leash is installed on the Windows machine
and I am able to get the TGT from the Linux KDC. The logon authentication
does not seem to happen through the Linux KDC. I followed the steps here -
http://technet.microsoft.com/en-us/library/bb742433.aspx

The application fails when the Windows client tries to initialize the context
(through SSPI calls) with a "no credentials found" message. I am noticing that
the LSA cache does not have the credential but the MIT cache does.

I see ms2mit in Leash to convert the LSA cache to the MIT cache. Is there a way to
authenticate the Windows client using the Linux KDC and populate the LSA cache for
the Windows InitializeSecurityContext SSPI calls to pass? Or should I be
calling gss_init_sec_context (which would read the KRB5CCNAME location) instead
of the Windows SSPI calls?

Thanks,
Priya
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos