Subject: Re: Kerberos IV vs. Kerberos V
To: Patrick Hartling <firstname.lastname@example.org>
From: Tracy J. Di Marco White <email@example.com>
Date: 07/11/2000 16:57:40
Patrick Hartling <firstname.lastname@example.org> wrote:
}email@example.com (Johan Danielsson) wrote:
}} Patrick Hartling <firstname.lastname@example.org> writes:
}} > I have an /etc/krb5.conf that has some Kerberos IV bits in it, but I
}} > am unable to get my K5 tickets converted to the Kerberos IV tickets
}} > that I need.
}} What are those bits? -current doesn't use MIT krb5, so there might be
}} differences. My impression (form reading the manpage) is that v4
}} compat is wither built-in (in the MIT kinit) or not.
}I have attached my /etc/krb5.conf file. I don't claim to understand it
}completely since I copied it from one of the Alpha machines here on
}campus and modified what I knew needed to be changed (paths mainly).
}} kinit -4 should do what you want, no?
}I thought so, but it hangs for a while and then returns the following error
}kinit: converting creds: Cannot contact any KDC for requested realm
}The requested realm in this case is IASTATE.EDU. A subsequent klist shows
}me that I do have K5 tickets:
}Credentials cache: FILE:/tmp/krb5cc_13773
} Principal: mystify@IASTATE.EDU
} Issued Expires Principal
}Jul 11 12:45:43 Jul 11 13:25:40 krbtgt/IASTATE.EDU@IASTATE.EDU
The KDC is using MIT kerberos, and I have the same problems with 1.5ALPHA's
kerberos using a krb5.conf that worked (got k5 & K4 tickets at login) with
crypto-us until the switch to crypto.
I solved my earlier problem with kerberos by moving /etc/kerberosV/krb5.conf
to /etc/krb5.conf. (ktrace is ever so handy for these things.)
Tracy J. Di Marco White
Project Vincent Systems Manager