Subject: Re: kerberosV with kerberosIV compatibility
To: Tracy Di Marco White <>
From: Love <>
List: tech-crypto
Date: 11/02/2000 00:56:37
Tracy Di Marco White <> writes:

> Should this be working?  Am I doing something wrong?  If I'm not doing
> something wrong, what can I do to help solve the problem?
> bb# kinit -4 gendalia
> gendalia@IASTATE.EDU's Password: 
> kinit: converting creds: Cannot contact any KDC for requested realm
> I have /etc/krb.conf /etc/krb.realms, /etc/kerberosIV/krb.conf,
> /etc/kerberosIV/krb.realms, /etc/srvtab, and /etc/kerberosIV/srvtab.
> I'm not sure I've got whatever needs to be set up in krb5.conf
> configured correctly.
> I ktrace'd kinit -4, and while I mention our machines kerberos-1 and
> kerberos-2 in my /etc/krb5.conf, it also seems to go looking and find
> our windc1 and windc2 machines, our windows kerberosV domain controllers.
> I'm not sure how it found those.  Possibly it goes out and tries to do
> windows style kerberos detection?  Of course, the windc[12] machines
> don't do kerberosIV at all.

Probably found the DC by the SRV-rr you have in DNS.

In order to get a krb4 ticket from a krb5 ditto (that is want -4 means) you
need to have support in the kerberos server, running on port 4444.

I guess that you have krb5 ticket, but no krb4, is that right ?

What are you trying to do. Get a krb4 ticket directly ?