[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: KRB5_AP_ERR_MODIFIED from win 2003 in version heimdal-0.8-rc1

To: "Inna Bort-Shatsky" <inna@decru.com>
Subject: Re: KRB5_AP_ERR_MODIFIED from win 2003 in version heimdal-0.8-rc1
From: Michael B Allen <mba2000@ioplex.com>
Date: Wed, 20 Dec 2006 21:40:58 -0500
Cc: heimdal-discuss@sics.se
In-Reply-To: <7A3FB56E2AC9A6468DE93336588F757930DA4E@RWCEXC01.HQ.DeCru.com>
References: <7A3FB56E2AC9A6468DE93336588F757930DA4E@RWCEXC01.HQ.DeCru.com>
Sender: owner-heimdal-discuss@sics.se

On Wed, 20 Dec 2006 15:42:26 -0800
"Inna Bort-Shatsky" <inna@decru.com> wrote:

> We have application that worked perfect with heimdal-0.5.1 version. Last
> week I updated heimdal to heimdal-0.8-rc1 and now I receive an
> KRB5_AP_ERR_MODIFIED error.
>   
> The steps we did before and worked OK before:
>  
> 1. Get credential with gss_acquire_cred api.
> 2. Get delegated credential with gss_accept_sec_context.    
> 3. Call gss_init_sec_context with received delegated credential and now
> I get an error KRB5_AP_ERR_MODIFIED from windows 2003 KDC.
>  
> May be some one knows how I can troubleshoot this problem?

It would be informative to know how 0.7.2 behaves. The later 0.8 releases
have a significantly reworked GSSAPI. I know Love said there was still
some work required wrt error reporting. It could be a bogus message
(take a capture and see if there's something obvious). Or it could be
something to do with flags. Probably something simple. I know 0.7.2
works fine in the gss delegation scenario.

Mike

-- 
Michael B Allen
PHP Active Directory SSO
http://www.ioplex.com/

References:
- KRB5_AP_ERR_MODIFIED from win 2003 in version heimdal-0.8-rc1
  - From: "Inna Bort-Shatsky" <inna@decru.com>

Prev by Date: Re: pkinit with smartcard
Next by Date: 簡単・確実・高

収入！！
Prev by thread: KRB5_AP_ERR_MODIFIED from win 2003 in version heimdal-0.8-rc1
Next by thread: Re: KRB5_AP_ERR_MODIFIED from win 2003 in version heimdal-0.8-rc1
Index(es):
- Date
- Thread