[cups.development] Kerberos multiple personalities
Michael R Sweet
msweet at apple.com
Thu Nov 6 09:44:49 PST 2008
Andy Polyakov wrote:
> ...
> Next I create HTTP/server principal [and naturally merge corresponding
> keys to cupsd's keytab]. Attempt to connect results in end-less loop in
> Firefox, i.e. it attempts to connect and reconnects, and reconnects,
> etc. Nothing is logged in error_log unless I increase LogLevel to debug.
> In which case I can see following debug messages:
>
> cupsdAcceptClient: 11 from xx.xx.xx.xx:631 (IPv4)
> cupsdReadClient: 11 GET /admin HTTP/1.1
> get_gss_creds: Attempting to acquire credentials for ipp at server...
> get_gss_creds: Credentials acquired successfully for ipp at server.
> cupsdAuthorize: Error accepting GSSAPI security context: Unspecified GSS
> failure. Minor code may provide more information, Unknown code krb5 144
Sounds like a mismatch in Kerberos versions on that system or a
bad install. It could also be a bug in the version of Kerberos you
have installed...
> ...
> KDC is Heimdal, while cupsd and clients are linked with [various
> versions of] MIT libraries. A.
You need recent releases of MIT Kerberos for things to work at all.
Older MIT Kerberos releases have too many bugs to work with CUPS...
--
______________________________________________________________________
Michael R Sweet Senior Printing System Engineer
More information about the cups
mailing list