[31646] in Kerberos
Problem with mit2ms - Tickets are not transfered to LSA cache
daemon@ATHENA.MIT.EDU (Christoph Fritz)
Tue Nov 3 02:34:47 2009
MIME-Version: 1.0
Date: Tue, 3 Nov 2009 08:34:04 +0100
Message-ID: <2ed6fd700911022334v2040befcw34c652c22ae33a7e@mail.gmail.com>
From: Christoph Fritz <christoph.fritz@gmail.com>
To: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Hi,
I'm currently facing a problem when implementing a kerberos based SSO
solution with SAP on Linux and an Active Directory. Usually this works fine
for ABAP and JAVA but in the current environment I have a different
situation.
On the client machine I need the kerberos credentials (TGT) to be stored in
the Windows LSA cache. Usually this happens automatically when logging on to
a Microsoft Domain. Unfortunately I cannot logon from the workstations to my
domain using the windows-logon because I'm using Novell. Besides my Novell
eDirectory there is an Active directory domain.
So I tried the following (maybe a stupid idea):
After windows has logged on to Novell --> start MIT Kerberos Client and
obtain credentials from the Domain controller. After that I get the
following tickets in my local cache:
C:\Programme\MIT\Kerberos\bin>klist
Ticket cache: API:CFRITZ@CFRITZ.TEST
Default principal: CFRITZ@CFRITZ.TEST
Valid starting Expires Service principal
11/02/09 16:22:50 11/03/09 02:22:50 krbtgt/CFRITZ.CORP@CFRITZ.TEST
renew until 11/09/09 16:21:35
Now I have tried to to copy these credential to windows LSA cache using
mit2ms:
C:\Programme\MIT\Kerberos\bin>mit2ms.exe
mit2ms.exe: No credentials cache found while opening MS LSA ccache
Unfortunately kerbtray does not show me any ticket in the LSY cache. Which
parameters do I need for the mit2ms executable or is my idea not working at
all? How can I transfer the tickets from the MIT Client cache to the LSA
cache of Windows?
Thanks in advance
Christoph
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
