Re: krb4 access with heimdal + kpasswd problem

[Assar Westerlund <assar@sics.se>]

torbjorn.lindh@allgon.se writes:
> I have switched from kth-krb to heimdal and it works nicely except for
> krb4-clients (such as Ktelnet or /usr/athena/telnet). What I get is:
> 
> [ Trying mutual KERBEROS4 ... ]
> [ Kerberos V4 refuses authentication because Can't decode authenticator
> (krb_rd_req) ]
> [ Trying KERBEROS4 ... ]
> [ Kerberos V4 refuses authentication because Can't decode authenticator
> (krb_rd_req) ]

This error indicates that the server did not manage to decode the
ticket properly.  Can you run `klist -v' on your client and `ksrvutil
list' on your machine running telnetd and make sure they have the same
version number for the `rcmd.hostname' key?

BTW, this error should not have anything to do with krb5.  The telnet
code is the same in both cases and since it says KERBEROS4, it's using
the v4 authentication stuff in telnet, and actually the krb4 libraries
too.

> Another problem is that kpasswd does not work with my heimdal setup.
> strace:in kpasswd made me believe that it tries to look up SRV-records for
> kpasswd.upd so I added them.

Can you show us the SRV record you added?

> Still the same problem:
> $ kpasswd
> toobii@ALLGON.SE's Password: 
> New password: 
> Verifying password - New password: 
> kpasswd: krb5_change_password: Unknown error 4294967288
> $ 

Can you try adding this to your /etc/krb5.conf?

ALLGON.SE = {
        admin_server = udp/kerberos.allgon.se
};

/assar