Troubleshooting Kerberos Related Products

Troubleshooting GSS-API

Other Common Causes of Errors

Other common causes of errors include the following:

If the KRB5-Client product is not installed, you can get an error when trying to use GSS-API with /etc/gss/mech configured to krb5_mech.

Improper permissions of the libgssapi_krb5.sl / libgssapi_krb5.so library.

Specifying the full path of the backend library in /etc/gss/mech. For example, when using the 64-bit library, do not specify the library path as /usr/lib/pa20_64/gss/libgssapi_krb5.sl; specify only libgssapi_krb5.sl. The 64-bit libgss.sl library then takes care of linking it.

Absence of GSS-API configuration files.

In the case of GSSAPI-SSPI interoperability, the entries must use the DES-CBC-MD5 encryption type instead of the default DES-CBC-CRC.
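
A pre-flight check for the library-permission, full-path and missing-configuration-file causes listed above, as an added example that is not part of the original guide. The function name gss_mech_check, the finding labels, and the entry layout (mechanism name, OID, library name) are assumptions; the sample file is constructed.

```sh
#!/bin/sh
# Added example. Assumed entry layout: <mechanism> <OID> <library> [...]
# gss_mech_check MECH_FILE LIB_DIR
# Prints one finding per line; returns 0 when clean, 1 otherwise.
gss_mech_check() {
    mech_file=$1
    lib_dir=$2
    findings=0
    if [ ! -r "$mech_file" ]; then          # absent or unreadable config file
        echo "MISSING_CONFIG $mech_file"
        return 1
    fi
    while read -r mech oid lib rest || [ -n "$mech" ]; do
        case $mech in
            ''|'#'*) continue ;;            # skip blank lines and comments
        esac
        finding=
        case $lib in
            '')  finding="MALFORMED $mech" ;;
            */*) finding="FULL_PATH $mech $lib" ;;   # bare name expected
            *)  if [ ! -e "$lib_dir/$lib" ]; then
                    finding="NO_LIBRARY $mech $lib_dir/$lib"
                elif [ ! -r "$lib_dir/$lib" ]; then
                    finding="UNREADABLE $mech $lib_dir/$lib"
                fi ;;
        esac
        if [ -n "$finding" ]; then
            echo "$finding"
            findings=$((findings + 1))
        fi
    done < "$mech_file"
    [ "$findings" -eq 0 ]
}

# Constructed sample: the second entry repeats the full-path mistake.
demo_dir=${TMPDIR:-/tmp}/gssmech.$$
mkdir "$demo_dir"
printf '%s\n' \
    '# constructed sample, not a real /etc/gss/mech' \
    'krb5_mech 1.2.840.113554.1.2.2 libgssapi_krb5.sl' \
    'krb5_mech 1.2.840.113554.1.2.2 /usr/lib/pa20_64/gss/libgssapi_krb5.sl' \
    > "$demo_dir/mech"
: > "$demo_dir/libgssapi_krb5.sl"           # empty stand-in for the library
gss_mech_check "$demo_dir/mech" "$demo_dir" || true
rm -rf "$demo_dir"
```

On a live system the arguments would be /etc/gss/mech and the directory that holds the GSS-API libraries, such as /usr/lib/pa20_64/gss for the 64-bit library.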

NOTE

There is a sample GSS-API client-server application in the /usr/contrib/gssapi/sample directory that you can use for troubleshooting.

You can find additional GSS-API error codes in Appendix A of MIT’s Kerberos V5 System Administrator’s Guide.
