Subject: RE: [Ipsec-tools-devel] IPSec with Racoon and Kerberos working !!!! still
have some questions.
From: Nathan Herring <[hidden email]>
To: sandy s <[hidden email]>,
[hidden email] Date: Tue, 13 Dec 2005 03:37:29 -0800
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.0.0
Also, this should get followed up on the MIT Kerberos list so that they
can fix the problems with GSS_C_NO_OID (that should work; you shouldn't
have to replace it).
From: [hidden email] [mailto:[hidden email]] On Behalf Of
Sent: Tuesday, December 13, 2005 1:16 AM
To: [hidden email] Subject: [Ipsec-tools-devel] IPSec with Racoon and Kerberos working !!!!
still have some questions.
I was able to do an IPsec connection with kerberos as auth method.
Define GSS_KRB5_NT_PRINCIPAL_NAME as kerberos OID, replace all the
GSS_C_NO_OID in gss_canonicalize_name() to GSS_KRB5_NT_PRINCIPAL_NAME.
Get TGT for both client and server. Issue a ping. This will use kerberos
as auth method.
I have a query, If I dont have the TGT on the other side, I get errors.
Is TGT required on the other side ?