[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

heimdal and solaris 10 gssapi troubles



Hi all,

I have lots of solaris 8 boxes running heimdal 0.7.2 + openssh. As KDC I
use MS AD. Everything works fine in terms of SSO. Silly thing however
happens when I login on solaris 8 box (again heimdal 0.7.2 + openssh)
from solaris 10 with stock sun's ssh. Namely, 

first step: solaris 10 (stock gssapi+ssh) to solaris 8 (heimdal+openssh)
works
second step: solaris 8 (heimdal+openssh) with delegated from solaris 10
creds to solaris 8 (heimdal+openssh) does not. I do not remember exact
error message, but it sounds like "something went wrong with GSSAPI".

I have compared creds, which I delegate to solaris 8 from another
solaris 8 box with creds, which I delegate to solaris 8 box from solaris
10 box. The difference is only in presence of "session key" in creds
coming from solaris 10. Namely, "kinit -v" does not show any "session
key" if I login on solaris 8 from solaris 8.

Do you know if there are any interoperabilty issues between heimdal
0.7.2 and stock solaris 10 kerberos implementations?

thanx a lot and best regards, vadim tarassov