Hi All, Used debug level 10 to determine that the krb5_kt_resolve call failed when verifying incoming ticket. Determined that the call failed at libads/kerberos_verify.c:56; ret = krb5_kt_resolve(context, keytab_name, keytab); if (ret) return ret; in other words a non-zero return value is an error. mit-krb5-1.3.1 does not support memory keytabs, at least without extra coding (i.e. krb5_kt_register, but I could not find the appropriate krb5_kt_ops to use, more about this later. Tried to find out why manifest constant HAVE_MEMORY_KEYTAB is set to true. Found in the configure.in file that the logic sense is inverted (if I am reading this correctly); AC_TRY_RUN([ #include<krb5.h> main() { krb5_context context; krb5_keytab keytab; krb5_init_context(&context); if (krb5_kt_resolve(context, "MEMORY:", &keytab)) exit(0); exit(1); }], samba_cv_HAVE_MEMORY_KEYTAB=yes, samba_cv_HAVE_MEMORY_KEYTAB=no)]) if test x"$samba_cv_HAVE_MEMORY_KEYTAB" = x"yes"; then AC_DEFINE(HAVE_MEMORY_KEYTAB,1, [Whether in-memory keytabs are supported]) fi The code in kerberos_verify.c does not seem ready to handle any other keytab type in the function setup_keytab. I'm not sure if this is correct, and I am not certain how to proceed at this point. 1. Should the code work properly if the configure.in script is fixed? (i.e. do not use memory keytabs) 2. Is the strategy to use memory keytabs by way of krb5_kt_register/krb5_kt_ops? 3. Is there something that I am completely missing? Please note: I'm in the middle of a clean compile so I don't know if there are more issues to follow from this. Thanks, jonw
Fixed configure.in and then regenerated configure. Could now authenticate to Win2K ADS. Logs look good from quick glance. BTW - I do not have CVS access so I will leave it to you to resolve this bug. BTW - I was looking into another bug, I could not see/change the permissions of a directory from the win2K clinet. Files work fine. Any suggestions? Will open another bug.
*** Bug 863 has been marked as a duplicate of this bug. ***
Yup. The logic appears backwards. Fix checked in. Thanks.
sorry for the same, cleaning up the database to prevent unecessary reopens of bugs.