Subject: Re: Kerberos IV vs. Kerberos V
To: Patrick Hartling <>
From: Tracy J. Di Marco White <>
List: current-users
Date: 07/11/2000 16:57:40
Patrick Hartling <> wrote:
} (Johan Danielsson) wrote:
}} Patrick Hartling <> writes:
}} > I have an /etc/krb5.conf that has some Kerberos IV bits in it, but I
}} > am unable to get my K5 tickets converted to the Kerberos IV tickets
}} > that I need.
}} What are those bits? -current doesn't use MIT krb5, so there might be
}} differences. My impression (form reading the manpage) is that v4
}} compat is wither built-in (in the MIT kinit) or not.
}I have attached my /etc/krb5.conf file.  I don't claim to understand it
}completely since I copied it from one of the Alpha machines here on
}campus and modified what I knew needed to be changed (paths mainly).
}} kinit -4 should do what you want, no?
}I thought so, but it hangs for a while and then returns the following error
}kinit: converting creds: Cannot contact any KDC for requested realm
}The requested realm in this case is IASTATE.EDU.  A subsequent klist shows
}me that I do have K5 tickets:
}> klist
}Credentials cache: FILE:/tmp/krb5cc_13773
}        Principal: mystify@IASTATE.EDU
}  Issued           Expires          Principal
}Jul 11 12:45:43  Jul 11 13:25:40  krbtgt/IASTATE.EDU@IASTATE.EDU

The KDC is using MIT kerberos, and I have the same problems with 1.5ALPHA's
kerberos using a krb5.conf that worked (got k5 & K4 tickets at login) with
crypto-us until the switch to crypto.

I solved my earlier problem with kerberos by moving /etc/kerberosV/krb5.conf
to /etc/krb5.conf.  (ktrace is ever so handy for these things.)

Tracy J. Di Marco White
Project Vincent Systems Manager