gss-client

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

gss-client

Imanuel Greenfeld
Dear all,

 

I compiled your sample for gss-client.

 

I run :-

 

kinit -V -kt <keytab> <user> and got a ticket created.

 

klist

 

I then tried running :-

 

gss-client  -port 8080 -d -mech kerberos_v5 <destination server> sftp "ls"

 

but I'm getting :-

 

               GSS-API error str_to_oid; Unspecified GSS failure. Minor code
may provide more information.

               GSS-API error str_to_oid; Unknown error

               GSS-API error initializing context : Unspecified GSS failure.
Minor code may provide more information.

               GSS-API error initializing context : Server not found in
Kerberos database.

 

I have been told that the server I'm running gss-client on does not to be
permissioned.  But I don't know how to "attach" the TGT to the gss-client  

 

I tried doing it all on the same command, for example :-

 

kinit -V -kt <keytab> <user> ; gss-client  -port 8080 -d -mech kerberos_v5
<destination server> sftp "ls"

 

But I'm getting the same errors.

 

I am not running gss-server because there is already a different server
which has Kerberos configured so I'm just trying to connect to it (as above
: <destination server>)

 

I'm on Sun Solaris.

 

Can you please help ?

 

Many thanks in advance.

 

Imanuel.

 

 

________________________________________________
Kerberos mailing list           [hidden email]
https://mailman.mit.edu/mailman/listinfo/kerberos
Reply | Threaded
Open this post in threaded view
|

Re: gss-client

Benjamin Kaduk-2
On Wed, Dec 20, 2017 at 10:16:31PM +0000, Imanuel Greenfeld wrote:

>
>  
>
> gss-client  -port 8080 -d -mech kerberos_v5 <destination server> sftp "ls"
>
>  
>
> but I'm getting :-
>
>  
>
>                GSS-API error str_to_oid; Unspecified GSS failure. Minor code
> may provide more information.
>
>                GSS-API error str_to_oid; Unknown error
>
>                GSS-API error initializing context : Unspecified GSS failure.
> Minor code may provide more information.
>
>                GSS-API error initializing context : Server not found in
> Kerberos database.
[...]
>
> I am not running gss-server because there is already a different server
> which has Kerberos configured so I'm just trying to connect to it (as above
> : <destination server>)

It will be really hard to debug "server not found in Kerberos
database" if you are trying to redact the "<destination server>"
that you are trying to use.

It also looks like (from src/appl/gss-sample/README in the source
tree) that you should only expect things to work properly if the
remote end is running an actual "gss-server" binary (that is, a
GSS-enabled sftp server will choke on the input that gss-client
sends).  But it seems that your errors are occuring before that
stage.

-Ben
________________________________________________
Kerberos mailing list           [hidden email]
https://mailman.mit.edu/mailman/listinfo/kerberos