
Re: More, re: Heimdal compatibility with MIT Krb 4



At 7:17 PM +0100 3/13/03, Love wrote:
>"Henry B. Hotz" <hotz@jpl.nasa.gov> writes:
>
>>>>[kdc]
>>>>          enable-kerberos4 = true
>>>>          enable-kaserver = true
>
>I think you need
>
>[kdc]
>             v4-realm = HOTZ.JPL.NASA.GOV

Well, that helps.  It also doesn't seem to prevent my OSX laptop from 
getting v5 tickets, which I had feared.

Now I get on Solaris:

redhotz.jpl.nasa.gov% kinit
SunOS (redhotz.jpl.nasa.gov)
Kerberos Initialization
Kerberos name: hotz
Password:
kinit: Password incorrect
redhotz.jpl.nasa.gov% klist
Ticket file:    /tmp/tkt1989
klist: No ticket file (tf_util)
redhotz.jpl.nasa.gov%

And the corresponding kdc log entry is:

2003-03-14T02:20:01 AS-REQ hotz.@HOTZ.JPL.NASA.GOV from 
IPv4:137.78.212.49 for krbtgt.HOTZ.JPL.NASA.GOV@HOTZ.JPL.NASA.GOV

with no indication that it failed.  In fact the password is typed 
correctly.  I tried it multiple times, and I tried from my OSX laptop 
to make sure I remembered the correct password.

The corresponding log entry for the OSX v5 kinit is:

2003-03-14T02:22:08 AS-REQ hotz@HOTZ.JPL.NASA.GOV from 
IPv4:137.78.212.225 for krbtgt/HOTZ.JPL.NASA.GOV@HOTZ.JPL.NASA.GOV

which works and does *not* have the extra "." after "hotz" that I 
commented on before.

>>Does the Heimdal kdc obey the convention that kill -HUP makes it
>>reread its config files?
>
>No, the kdc doesn't reload its config file on SIGHUP.

Thanks.  I'll be careful.  I guess you can say this is correctly 
documented by its absence from the documentation.  ;-)

Should I send comments on the documentation to you or to NetBSD, or both?

-------------------------

[libdefaults]
         v4_instance_resolve = true
         clockskew = 300
[realms]
         JPL.NASA.GOV = {
                 kdc = eis-fil-afsdb08.jpl.nasa.gov
                 kdc = eis-fil-afsdb09.jpl.nasa.gov
                 kdc = eis-fil-afsdb10.jpl.nasa.gov
                 admin_server = kerberos.jpl.nasa.gov
         }
         HOTZ.JPL.NASA.GOV = {
                 kdc = machotz.jpl.nasa.gov
                 admin_server = machotz.jpl.nasa.gov
                 v4_domains = jpl.nasa.gov
         }
[domain_realm]
         .jpl.nasa.gov = JPL.NASA.GOV
         jpl.nasa.gov = JPL.NASA.GOV
         machotz.jpl.nasa.gov = HOTZ.JPL.NASA.GOV
[kdc]
         enable-kerberos4 = true
         enable-kaserver = true
         v4-realm = HOTZ.JPL.NASA.GOV
[kadmin]
         use_v4_salt = true

-- 
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu
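
Added example, not part of the original message and not Heimdal code: a small parser that rejoins the mail-wrapped KDC log entries quoted above and sorts AS-REQ lines into v4-style and v5-style requests, so an administrator can see which source addresses are making Kerberos 4 requests. The entry layout and the krbtgt.REALM versus krbtgt/REALM heuristic are assumptions taken only from the two log entries in the message; SAMPLE holds those two entries, still wrapped as they appear there.

```python
import re
from collections import defaultdict

# Entry layout assumed from the two KDC log entries quoted in the message.
AS_REQ = re.compile(
    r"^(?P<ts>\S+) AS-REQ (?P<client>\S+) from "
    r"(?P<family>IPv[46]):(?P<addr>\S+) for (?P<server>\S+)$"
)
TIMESTAMP = re.compile(r"\d{4}-\d{2}-\d{2}T")

def unwrap(text):
    """Rejoin entries split by mail wrapping; a timestamp starts a new entry."""
    entries = []
    for line in filter(None, (l.strip() for l in text.splitlines())):
        if TIMESTAMP.match(line) or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line
    return entries

def classify(entry):
    """Return the parsed fields plus a 'style' guess, or None if not an AS-REQ."""
    m = AS_REQ.match(entry)
    if m is None:
        return None
    rec = m.groupdict()
    service = rec["server"].rpartition("@")[0]
    # Heuristic (assumption): the TGS name is written krbtgt.REALM in the
    # v4 entry and krbtgt/REALM in the v5 entry, so key on that separator.
    rec["style"] = {"krbtgt.": "v4", "krbtgt/": "v5"}.get(service[:7], "unknown")
    # In v4 "name.instance" notation a trailing dot means an empty instance.
    client_name = rec["client"].rpartition("@")[0]
    rec["empty_instance"] = rec["style"] == "v4" and client_name.endswith(".")
    return rec

def v4_sources(text):
    """Map source address -> sorted client names seen in v4-style requests."""
    seen = defaultdict(set)
    for rec in filter(None, map(classify, unwrap(text))):
        if rec["style"] == "v4":
            seen[rec["addr"]].add(rec["client"])
    return {addr: sorted(names) for addr, names in seen.items()}

SAMPLE = """\
2003-03-14T02:20:01 AS-REQ hotz.@HOTZ.JPL.NASA.GOV from
IPv4:137.78.212.49 for krbtgt.HOTZ.JPL.NASA.GOV@HOTZ.JPL.NASA.GOV
2003-03-14T02:22:08 AS-REQ hotz@HOTZ.JPL.NASA.GOV from
IPv4:137.78.212.225 for krbtgt/HOTZ.JPL.NASA.GOV@HOTZ.JPL.NASA.GOV
"""
```

Calling v4_sources() on a full log gives one entry per source address that sent a v4-style request. The parser only reads the request line, so it says nothing about whether the request succeeded.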