Kevin
2016-03-22 21:17:46 UTC
Hi everybody,
First of all, I would like to tell you that I'm French, and I apologize for
my speaking.
So, here is the actual configuration of my network :
- One KDC on "TESTING.TR" domain (Debian-8.3.0)
- One client to that domain (Debian-8.3.0),
- An other KDC on "KERBEROS.KR" domain (Debian-8.3.0),
- An other client to that second domain (Debian-8.3.0),
- And a last Debian-8.3.0 machine on which a Python script based on
HTTPServer run with the "python-kerberos" library.
All is working fine, when I use a client to reach the python script, it let
me access the "/index.html" page if I have a TGT.
The difference between the hosts's domains is made by "/etc/hosts" files.
Then, to contact the appropriate KDC depending on which client is requesting
the python script, I use a keytab with the 2 following services on it :
- HTTP/***@TESTING.TR
- HTTP/***@KERBEROS.KR
So in my script, I specified the two services by :
- ***@webapp.testing.tr
- ***@webapp.kerberos.kr
Again, All is working fine ! (On Debian....)
Indeed, when I try to use that script on a FreeBSD 10.1, I meet the
following problem :
I have to specify the "default_realm" in the /etc/krb5.conf, if not the
"authGSSServerInit("***@bsd."+realm)" method can't initialise the kerberos
context with the keytab. I am persuaded that the "gss_import_name()"
function failed to put "@KERBEROS.KR" or "@TESTING.TR" according to the
service "bsd.testing.tr" or "bsd.kerberos.kr".
So I would like to know how to set the service without setting the
"default_realm" in /etc/krb5.conf.
In Debian-8.3.0 I don't have this problem, the "default_realm" is not
specified and all is working fine..
Any help would be very appreciated, I have read the python-kerberos and
libkrb5-1.4 source code but I can't find any solution to my problem,
apparently it is the "gss_import_name()" function that cause problem.
I can past the content of my configuration files if you want.
Thank you for any help !
Kevin
--
View this message in context: http://kerberos.996246.n3.nabble.com/gss-import-name-and-default-realm-tp45171.html
Sent from the Kerberos - Dev mailing list archive at Nabble.com.
_______________________________________________
krbdev mailing list ***@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
First of all, I would like to tell you that I'm French, and I apologize for
my speaking.
So, here is the actual configuration of my network :
- One KDC on "TESTING.TR" domain (Debian-8.3.0)
- One client to that domain (Debian-8.3.0),
- An other KDC on "KERBEROS.KR" domain (Debian-8.3.0),
- An other client to that second domain (Debian-8.3.0),
- And a last Debian-8.3.0 machine on which a Python script based on
HTTPServer run with the "python-kerberos" library.
All is working fine, when I use a client to reach the python script, it let
me access the "/index.html" page if I have a TGT.
The difference between the hosts's domains is made by "/etc/hosts" files.
Then, to contact the appropriate KDC depending on which client is requesting
the python script, I use a keytab with the 2 following services on it :
- HTTP/***@TESTING.TR
- HTTP/***@KERBEROS.KR
So in my script, I specified the two services by :
- ***@webapp.testing.tr
- ***@webapp.kerberos.kr
Again, All is working fine ! (On Debian....)
Indeed, when I try to use that script on a FreeBSD 10.1, I meet the
following problem :
I have to specify the "default_realm" in the /etc/krb5.conf, if not the
"authGSSServerInit("***@bsd."+realm)" method can't initialise the kerberos
context with the keytab. I am persuaded that the "gss_import_name()"
function failed to put "@KERBEROS.KR" or "@TESTING.TR" according to the
service "bsd.testing.tr" or "bsd.kerberos.kr".
So I would like to know how to set the service without setting the
"default_realm" in /etc/krb5.conf.
In Debian-8.3.0 I don't have this problem, the "default_realm" is not
specified and all is working fine..
Any help would be very appreciated, I have read the python-kerberos and
libkrb5-1.4 source code but I can't find any solution to my problem,
apparently it is the "gss_import_name()" function that cause problem.
I can past the content of my configuration files if you want.
Thank you for any help !
Kevin
--
View this message in context: http://kerberos.996246.n3.nabble.com/gss-import-name-and-default-realm-tp45171.html
Sent from the Kerberos - Dev mailing list archive at Nabble.com.
_______________________________________________
krbdev mailing list ***@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev