Subject: Windows 2003 SP1 ktpass.exe generated keytab files fail to load with 1.4

When using a ktpass.exe generated keytab file the following error is
produced from krb5_gss_acquire_cred():

[c:\]gss-server -port 4242 -verbose -threads 5
sample@dc.windows.secure-endpoints.com
GSS-API error acquiring credentials: Miscellaneous failure
GSS-API error acquiring credentials: Unknown Key table type

It appears there is no problem with the keytab processing code in 1.4.
The problem is incorrect data being generated by ktpass.exe given
certain state. I caused the program to crash as well. I assume that
memory overwrites within the program were generating bad data.

The version information follows:

--a-- W32i APP ENU 5.2.3790.1218 shp 86,528 07-26-2004 ktpass.exe

I have sent a crash report to Microsoft.

In the meantime, it should be noted that if you ever alter the mapped
SPN or change the use of the "DES only" flag on an account, you MUST
reset the password on the account in the Active Directory tool.
Otherwise, ktpass will generate bad data.

The password and kvno input to ktpass will not produce the correct
result. Make sure that the kvno of the account increments when the
reset password is performed. If it doesn't, you will need to do it again.

There is another problem I need to look into. The use of the
KRB5_KTNAME environment variable is being ignored on Windows.

I am resolving this ticket. The problem with the environment variable
is due to the use of getenv() vs GetEnvironmentVariable(). We need to
move to using the non-C RTL version which can only see the contents of
the RTL state and not that of the process as a whole.
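
One way to check a ktpass-generated keytab after the password reset described earlier in this ticket is to read the file directly and list each entry's principal, kvno and enctype. This is an added example, not code from the ticket or from the krb5 source; it assumes the version 2 (big-endian) MIT keytab file layout, and the principal, realm and key in SAMPLE are constructed.

```python
import struct

def _take(buf, off, fmt):
    n = struct.calcsize(fmt)                # refuse to read past the buffer
    if off + n > len(buf):
        raise ValueError("truncated field at offset %d" % off)
    return struct.unpack_from(fmt, buf, off)[0], off + n

def _counted(buf, off):
    n, off = _take(buf, off, ">H")          # 16-bit length, then that many bytes
    return _take(buf, off, "%ds" % n)

def _entry(buf):
    ncomp, off = _take(buf, 0, ">H")
    realm, off = _counted(buf, off)
    comps = []
    for _ in range(ncomp):
        c, off = _counted(buf, off)
        comps.append(c.decode("utf-8", "replace"))
    _, off = _take(buf, off, ">II")         # name type and timestamp, unused here
    kvno, off = _take(buf, off, ">B")       # 8-bit kvno
    enctype, off = _take(buf, off, ">H")
    key, off = _counted(buf, off)
    if len(buf) - off >= 4:                 # optional 32-bit kvno; nonzero overrides
        kvno = _take(buf, off, ">I")[0] or kvno
    name = "/".join(comps) + "@" + realm.decode("utf-8", "replace")
    return name, kvno, enctype, len(key)

def parse_keytab(data):
    """Return [(principal, kvno, enctype, key_length), ...] or raise ValueError."""
    if data[:2] != b"\x05\x02":
        raise ValueError("bad header %r, expected 05 02" % data[:2])
    out, pos = [], 2
    while pos < len(data):
        size, pos = _take(data, pos, ">i")
        if size == 0:                       # zero length marks the end of the entries
            break
        if size > 0:
            if pos + size > len(data):
                raise ValueError("entry runs past end of file")
            out.append(_entry(data[pos:pos + size]))
        pos += abs(size)                    # negative size = deleted slot, skipped
    return out

# Constructed sample (not ktpass output): one des-cbc-md5 (enctype 3) key, kvno 3.
_s = lambda b: struct.pack(">H", len(b)) + b
_body = (struct.pack(">H", 2) + _s(b"EXAMPLE.TEST") + _s(b"sample") + _s(b"dc.example.test")
         + struct.pack(">IIBH", 1, 0, 3, 3) + _s(bytes(8)))
SAMPLE = b"\x05\x02" + struct.pack(">i", len(_body)) + _body
```

For a real file, pass the bytes read from it in binary mode to parse_keytab and compare the reported kvno with the account's key version after the reset.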