on 02-09-2010 5:52 PM
Is there a 64-bit version of the libgssapi_krb5.so available? When I point the snc/gssapi_lib to this file it fails to load. I am trying to set this up on a Solaris 5.10 Sparc 64bit box, and I thought a 32 bit file could still be read by the 64 bit system, but so far it can't.
I tried up dating my LD_LIBRARY_PATH, to include /opt/SFP/krb5-1.6.3/lib, as I thought it was an environment issue, but my unix support seems to think it is an issue with the 32bit lib not being able to be opened on our 64 bit system.
The error states "wrong ELF Class: ELFCLASS32"
Thanks,
Thanks, I had been talking with UNIX about compiling it, but I wanted to be sure 64bit wasn't available. I'll share this link with them and see what they can do, I appreciate the help.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Our UNIX team was able to compile the 32 bit into a 64 bit library and now they have loaded successfully.
However, I have a new error now that the libraries have loaded. I think I need to work on getting all the other parts in place in now, because on the domain side we have nothing setup yet. I assume this portion will not work until I have the name properly defined with a domain extension?
SncInit(): Initializing Secure Network Communication (SNC)
N Solaris on SPARCV9 CPU (st,ascii,SAP_UC/size_t/void* = 16/64/64)
N SncInit(): found snc/data_protection/max=1, using 1 (Authentication Level)
N SncInit(): found snc/data_protection/min=1, using 1 (Authentication Level)
N SncInit(): found snc/data_protection/use=1, using 1 (Authentication Level)
N SncInit(): found snc/gssapi_lib=/usr/local/lib/libgssapi_krb5.so
N File "/usr/local/lib/libgssapi_krb5.so" dynamically loaded as GSS-API v2 library.
N The internal Adapter for the loaded GSS-API mechanism identifies as:
N Internal SNC-Adapter (Rev 1.0) to Kerberos 5/GSS-API v2
N *** ERROR => SncPGSSImportName()==SNCERR_GSSAPI [sncxxall.c 2637]
N GSS-API(maj): An invalid name was supplied
N Import of a name failed
N name="p:CN=SAPService"
N <<- SncInit()==SNCERR_GSSAPI
N sec_avail = "false"
Edited by: David Harris on Feb 17, 2010 7:09 PM
> N File "/usr/local/lib/libgssapi_krb5.so" dynamically loaded as GSS-API v2 library.
> N The internal Adapter for the loaded GSS-API mechanism identifies as:
> N Internal SNC-Adapter (Rev 1.0) to Kerberos 5/GSS-API v2
> N *** ERROR => SncPGSSImportName()==SNCERR_GSSAPI [sncxxall.c 2637]
> N GSS-API(maj): An invalid name was supplied
> N Import of a name failed
> N name="p:CN=SAPService"
What is your instance profile parameter value for
snc/identity/as
Markus
snc/identity/as is set to p:CN=SAPService
I have asked domain support to create a ticket granting user in Active Directory. I had wanted SAPService as the name, but I think they will probably change it.
From note 352295, I also asked them to run the SPN script for the user they create on the domain.
I beleive it would be like this: "SETSPN -A SAPService/dontcare \SAPService"
I then told them to generate my keytab file from AD and send it to me, so I can put it on my own server.
> I tried up dating my LD_LIBRARY_PATH, to include /opt/SFP/krb5-1.6.3/lib, as I thought it was an environment issue, but my unix support seems to think it is an issue with the 32bit lib not being able to be opened on our 64 bit system.
>
> The error states "wrong ELF Class: ELFCLASS32"
yes - because a 64bit program can't load a 32bit library.
You can compile your own:
http://osdir.com/ml/encryption.kerberos.general/2004-11/msg00007.html
Markus
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.