
Re: More, re: Heimdal compatibility with MIT Krb 4

At 7:17 PM +0100 3/13/03, Love wrote:
>"Henry B. Hotz" <hotz@jpl.nasa.gov> writes:
>>>>          enable-kerberos4 = true
>>>>          enable-kaserver = true
>I think you need
>             v4-realm = HOTZ.JPL.NASA.GOV

Well, that helps.  It also doesn't seem to prevent my OSX laptop from 
getting v5 tickets, which I had feared.

Now I get on Solaris:

redhotz.jpl.nasa.gov% kinit
SunOS (redhotz.jpl.nasa.gov)
Kerberos Initialization
Kerberos name: hotz
kinit: Password incorrect
redhotz.jpl.nasa.gov% klist
Ticket file:    /tmp/tkt1989
klist: No ticket file (tf_util)

And the corresponding kdc log entry is:

2003-03-14T02:20:01 AS-REQ hotz.@HOTZ.JPL.NASA.GOV from 

with no indication that it failed.  In fact the password is typed 
correctly.  I tried it multiple times, and I tried from my OSX laptop 
to make sure I remembered the correct password.

The corresponding log entry for the OSX v5 kinit is:

2003-03-14T02:22:08 AS-REQ hotz@HOTZ.JPL.NASA.GOV from 

which works and does *not* have the extra "." after "hotz" that I 
commented on before.

>> Does the Heimdal kdc obey the convention that kill -HUP makes it
>> reread its config files?
>No, the kdc doesn't reload its config file on SIGHUP.

Thanks.  I'll be careful.  I guess you can say this is correctly 
documented by its absence from the documentation.  ;-)

Should I send comments on the documentation to you or to NetBSD, or both?


         v4_instance_resolve = true
         clockskew = 300
         JPL.NASA.GOV = {
                 kdc = eis-fil-afsdb08.jpl.nasa.gov
                 kdc = eis-fil-afsdb09.jpl.nasa.gov
                 kdc = eis-fil-afsdb10.jpl.nasa.gov
                 admin_server = kerberos.jpl.nasa.gov
         HOTZ.JPL.NASA.GOV = {
                 kdc = machotz.jpl.nasa.gov
                 admin_server = machotz.jpl.nasa.gov
                 v4_domains = jpl.nasa.gov
         .jpl.nasa.gov = JPL.NASA.GOV
         jpl.nasa.gov = JPL.NASA.GOV
         machotz.jpl.nasa.gov = HOTZ.JPL.NASA.GOV
         enable-kerberos4 = true
         enable-kaserver = true
         v4-realm = HOTZ.JPL.NASA.GOV
         use_v4_salt = true

The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu