Re: SEAM change password protocol different?

["Henry B. Hotz" <hotz@jpl.nasa.gov>]

I'm wondering if Debian moved things around.

At 3:39 PM +0000 2/26/04, Dave Love wrote:
>"Henry B. Hotz" <hotz@jpl.nasa.gov> writes:
>
>>  I'm guessing that SEAM uses a different change password protocol than
>>  MIT/Heimdal do.  One that is GSSAPI-based instead of "native".
>
>I've just been trying to make this work too.  To start with, see the
>`kpasswd_protocol' doc in krb5.conf(4).

For me that man page is in section 5, not section 4 (which is 
machine-specific device drivers on NetBSD).

In any case there is no entry for kpasswd_protocol in krb5.conf(5) in 
either the NetBSD preinstalled version or in 0.6.  Is it described in 
-current or in some other page?

>However, setting that to SET_CHANGE still doesn't work against
>Debian's Heimdal 0.4e KDC.  It says (on Solaris 8 or 9):
>
>kpasswd: Cannot establish a session with the Kerberos administrative 
>server for realm DL.AC.UK. Bad encryption type.
>
>This seems as though it should be an FAQ, but I can't find any
>references.  Unless anyone else knows the solution, I'll try to open a
>support call on it sometime since the Solaris doc suggests it should
>work (at least against MIT KDC).

Does it now?  I guess I should have looked harder.  That's what I 
thought --- password change was standard while kadmin wasn't.
-- 
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu