[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Heimdahl Kerberos V5 / DCE interoperability
I built heimdahl.0-0t and decided to test it against a DCE
cell... Good work!
It can successfully authenticate against a DCE 1.1 cell:
jrd@buitz$ ./kinit jrd
jrd@bu.edu's Password:
jrd@buitz$ ./klist
Credentials cache: /opt/dcelocal/var/security/creds/dcecred_41fffffc
Principal: jrd@bu.edu
Issued Expires Principal
Sep 24 16:26:54 Sep 25 02:26:51 krbtgt/bu.edu@bu.edu
In addition, the 'kfoo' tool can be used to successfully acquire
authenticators to other services in a DCE cell:
jrd@buitz$ ./kfoo hosts/acs4/dfs-server
jrd@buitz$ ./kfoo hosts/ns2/cds-server
jrd@buitz$ ./kfoo hosts/halon.bu.edu/dfs-server
jrd@buitz$ ./klist
Credentials cache: /opt/dcelocal/var/security/creds/dcecred_41fffffb
Principal: jrd@bu.edu
Issued Expires Principal
Sep 24 16:30:17 Sep 25 02:30:14 krbtgt/bu.edu@bu.edu
Sep 24 16:30:46 Sep 25 02:30:14 hosts/acs4/dfs-server@bu.edu
Sep 24 16:31:00 Sep 25 02:30:14 hosts/ns2/cds-server@bu.edu
Sep 24 16:31:55 Sep 25 02:30:14 hosts/halon.bu.edu/dfs-server@bu.edu
This is AWESOME work.
However, Heimdahl cant presently understand how to traverse
a credentials cache that has been constructed by DCE 1.1 - (Krb5Beta2)
jrd@buitz$ dce_login jrd
Enter Password:
jrd@buitz$ cd heimdal-0.0t/kuser/
jrd@buitz$ ./klist
klist: krb5_cc_get_principal: Unsupported credentials cache format version number
This is OK... We can go fix this later.
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Jim Doyle Boston University Information Technology
Systems Analyst/Programmer email: jrd@bu.edu Distributed Systems
http://www.bu.edu/~jrd/ tel. (617)-353-8248
-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-++--+-+-+-+-+-+-