Re: Some questions ...

[joda@pdc.kth.se (Johan Danielsson)]

Fabrizio Manfredi <manfred@fastflow.it> writes:

Hello,

> 1) why i can telnet (with heimdal telnet ) to a application server in
> krb4
>    but i cant take a ticket ,
> 	kinit --524init  manfred
> 	manfred@TU-GRAZ.AC.AT's Password: 
> 	kinit: krb5_get_init_creds: Initial Ticket response appears to be
> Version 4

I don't know what you're trying to do here, but to me it seems as if
you don't have a running krb5 KDC here, and that it manages to find a
krb4 KDC instead (which won't work). Telnet speaks both krb4 and krb5,
so that should work.

> 2) when i try to telnet (with krb4 telnet) to a application server in
> heimdal

I get the impression that you already have krb4 tickets here? If
that's the case I guess that these errors are because the KDC can't
find a principal matching rcmd.furuholmen. The most likely cause for
this is that you have mistyped v4_instance_convert:

>                 v4_istance_convert= {
>                         furuholmen = furuholmen.tu-graz.ac.at
>                 }


And also, it doesn't expect to find a . before the domain here:

>                 default_domain = .tu-graz.ac.at

However, I wouldn't use any of these, instead I would use something
like:

        TU-GRAZ.AC.AT = {
                kdc          =  kerberos.tu-graz.ac.at
                admin_server =  kerberos.tu-graz.ac.at 
                v4_domains = tu-graz.ac.at
        }

(with recent Heimdals, you won't need a v4_name_convert for these
simple cases.


Does this answer your questions?

/Johan