使用cocoa OSX应用程序,Mac绑定活动目录并以active-dir用户身份登录。
在初始化GSS安全上下文时获取未知服务器错误:使用服务器提供的PrincipalName。
gss_init_sec_context
major: unknown routine error
minor: Server (krbtgt/LOCAL@XYZ.LOCAL)unknown while looking up 'WIN- ****$/xyz.local@LOCAL' (cached result, timeout in 167 sec)
Klist -5在终端上显示这些:
Credentials cache: API:DD4CC511-7BE2-4267-9923-6C8ABCD9297D
Principal: user@XYZ.LOCAL
Issued Expires Principal
Nov 5 17:21:23 2015 Nov 6 03:21:23 2015 krbtgt/XYZ.LOCAL@XYZ.LOCAL
因为关闭了这个错误,我改变了这样的ker5.conf文件:
[libdefaults]
default_realm = XYZ.LOCAL
renewable = true
forwardable= true
ticket_lifetime = 20d
renew_lifetime = 1d
default_tgs_enctypes = aes256-cts-hmac-sha1-96, aes128-cts-hmac-sha1-96, des3-cbc-sha1, arcfour-hmac-md5
default_tkt_enctypes = aes256-cts-hmac-sha1-96, aes128-cts-hmac-sha1-96, des3-cbc-sha1, arcfour-hmac-md5
[domain_realm]
xyz.com = XYZ.LOCAL
.xyz.com = XYZ.LOCAL