Re: kerberosV with kerberosIV compatibility

[Love <lha%stacken.kth.se@localhost>]

Tracy Di Marco White <gendalia%iastate.edu@localhost> writes:

> Should this be working?  Am I doing something wrong?  If I'm not doing
> something wrong, what can I do to help solve the problem?
> 
> bb# kinit -4 gendalia
> gendalia%IASTATE.EDU@localhost's Password: 
> kinit: converting creds: Cannot contact any KDC for requested realm
> 
> I have /etc/krb.conf /etc/krb.realms, /etc/kerberosIV/krb.conf,
> /etc/kerberosIV/krb.realms, /etc/srvtab, and /etc/kerberosIV/srvtab.
> I'm not sure I've got whatever needs to be set up in krb5.conf
> configured correctly.
> 
> I ktrace'd kinit -4, and while I mention our machines kerberos-1 and
> kerberos-2 in my /etc/krb5.conf, it also seems to go looking and find
> our windc1 and windc2 machines, our windows kerberosV domain controllers.
> I'm not sure how it found those.  Possibly it goes out and tries to do
> windows style kerberos detection?  Of course, the windc[12] machines
> don't do kerberosIV at all.

Probably found the DC by the SRV-rr you have in DNS.

In order to get a krb4 ticket from a krb5 ditto (that is want -4 means) you
need to have support in the kerberos server, running on port 4444.

I guess that you have krb5 ticket, but no krb4, is that right ?

What are you trying to do. Get a krb4 ticket directly ?

Love