Subject: Using 1.5_ALPHA kerberos with older servers
To: None <>
From: William O Ferry <>
List: current-users
Date: 09/17/2000 11:40:51
	I tried updating a few of my test machines to 1.5_ALPHA2 and am finding that 
they now refuse to deal with my machines running 1.4 and the old in-tree (US) 
krb4 server.  I read the manpage for krb5.conf and configured a file that 
seems sane to me.  I tried both 'kinit' and 'kinit -4' and both give the same 

kinit: krb5_get_init_creds: Cannot contact any KDC for requested realm

	Is there some configuration file magic to convince 1.5_ALPHA2's kerberos 
clients to only try to talk v4 to a realm?  Hopefully somebody considered 
keeping compatibility with the kerberos we used to ship???

	usr.bin/login appears to be similarly broken.  To work around this one I just 
commented out the lines in the Makefile to keep it from building the kerberos5 
portion and it worked (it appears looking at some of the #ifdefs that enabling 
KERBEROS5 disables krb4 support in login, and login's Makefile provides no 
means of indicating which one you want to use).

	Are there any general pointers to getting our new kerberos clients to 
interact with our old servers?  I'm sure there are lots of other things not 
working on these systems that I just haven't found yet.

	Thanks in advance.

                                                          Will Ferry