Hi,
during the test of the adsso Kerberos authentication for Web, i could see in the nasm.log that there are some files missing:
[nasm] hi_i_m_child(): excvp('/bin/ntlm_krb5_setup.sh') failed for 'No such file or directory'
initialize_kerberos(): gss_acquire_cred HOST/AFWXGTEST01@INTERN.LOCAL: Key table file '/etc/krb5.keytab' not found
after i renamed the /content/nasm/etc/ntlm_krb5.sh to ntlm_krb5_setup.sh and change some values in the script
#!/bin/sh
export KRB5_KTNAME=FILE:/tmp/krb5.keytab
MYNBNAME=fwxg01$4
/bin/rm /tmp/krb5.keytab
/oss/net -U "$1%$2" ads keytab add HTTP/$MYNBNAME.demo.io@$3
/oss/net -U "$1%$2" ads keytab add host/$MYNBNAME.demo.io@$3
/oss/net -U "$1%$2" ads keytab add HTTP/$MYNBNAME.$3@$3
/oss/net -U "$1%$2" ads keytab add host/$MYNBNAME.$3@$3
/oss/net -U "$1%$2" ads keytab add HTTP/$MYNBNAME@$3
/oss/net -U "$1%$2" ads keytab add host/$MYNBNAME@$3
/oss/net -U "$1%$2" ads keytab add HOST/$MYNBNAME@$3
exit 0
i got a valid krb5.keytab file which i linked from the /content/nasm/etc/krb5.keytab to the /content/nasm/etc/krb.keytab
but now i got an Kerberos decrypting error in the nasm.log
[ntlmserver] authenticate_kerberos(): gss_accept_sec_context: Request ticket server HTTP/fwxg01.demo.io@DEMO.IO kvno 2 enctype aes256-cts found in keytab but cannot decrypt ticket
With EAP1 and EAP2 it was working.
Are there any settings missed, or is the feature actually broken?
Best regards,
Markus
