cURL / Mailing Lists / curl-library / Single Mail

curl-library

negotiate on Solaris

From: Rob Crittenden <rcritten_at_redhat.com>
Date: Thu, 21 May 2009 13:25:36 -0400

On Solaris 9 I'm having an issue where --negotiate isn't working because
the wrong mechanism is being used. The error I see is:

gss_init_sec_context() failed: : mech_dh: No secret key

The problem can be fixed by re-ordering /etc/gss/mech to have kerberos
first (it is currently one of the Diffie-Hellman algos).

My question is: Is this the accepted way of doing it?

An alternative would be to pass in the kerberos OID to
gss_init_sec_context() as the mechanism. I did this by passing the krb5
OID string to gss_str_to_oid() and using the resulting token in the
gss_init_sec_context() call.

My GSS-API mech file is dated 2004 so I'm assuming it was copied off the
install CD and never touched since. I don't want to assume that bad
things won't happen if I re-order the file :-)

thanks

rob

Received on 2009-05-21