I have a Kerberos V only (heimdal) authentication server. When I run kinit =
I=20
get:

$ kinit
john@JOHNRSHANNON.COM's Password:
kinit: NOTICE: ticket renewable lifetime is 1 week
kinit: converting creds: Cannot contact any KDC for requested realm

and klist shows:

$ klist
Credentials cache: FILE:/tmp/krb5cc_1000
        Principal: john@JOHNRSHANNON.COM

  Issued           Expires          Principal
Sep  2 04:52:13  Sep  2 14:52:13  krbtgt/JOHNRSHANNON.COM@JOHNRSHANNON.COM
Sep  2 04:52:13  Sep  2 14:52:13  krbtgt/JOHNRSHANNON.COM@JOHNRSHANNON.COM

   V4-ticket file: /tmp/tkt1000
klist: No ticket file (tf_util)

On an OpenBSD client, when I do the same thing I see:

Credentials cache: FILE:/tmp/krb5cc_0
        Principal: john@JOHNRSHANNON.COM

  Issued           Expires          Principal
Sep  2 04:50:26  Sep  2 14:50:26  krbtgt/JOHNRSHANNON.COM@JOHNRSHANNON.COM


Monitoring the network traffic shows that port 4444/udp, the krb5 -> krb4=20
ticket conversion, on the authentication server is being accessed by the=20
client; there is nothing listening to that port.

=46rom this, I assume that the client is trying to setup both Kerberos IV a=
nd V=20
credentials. How do I set up the NetBSD client for Kerberos V only?

=2D-=20

John R. Shannon
john@johnrshannon.com