[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: More, re: Heimdal compatibility with MIT Krb 4
At 2:35 PM +0100 3/14/03, Love wrote:
>"Henry B. Hotz" <firstname.lastname@example.org> writes:
>Do you have v4 salted keys ?
I'm not altogether dim *all* the time anyway. That reminded me of a
discussion in the AFS kerberos 5 migration kit docs. I changed the
password for that principal under OSX and suddenly it worked under
> >> > Does the Heimdal kdc obey the convention that kill -HUP makes it
>>>> reread its config files?
>>>No, the kdc doesn't reload its config file on SIGHUP.
>> Thanks. I'll be careful. I guess you can say this is correctly
>> documented by its absence from the documentation. ;-)
>There is a manpage for kdc, and quite a lot of info documetation describing
>how to set up a realm.
I find the info on Heimdal to be more useful than the info on MIT
kerberos. More user-oriented anyway. I mostly followed the
http://www.mcc.ac.uk/Documentation/coda/heimdal_toc.html to set up
the realm and I could telnet in from OSX immediately.
I added the
use_v4_salt = true
after I had created the principal I was using for testing.
So now I can kinit under OSX with v5, under Solaris with v4, and I
can klog.krb under Solaris with some flavor of OpenAFS as well.
klog.krb under OSX with OpenAFS 1.2.7 gives me the same error message
as the older one under Solaris, but it doesn't keep the tickets
afterwards. (The msg is: "Unable to authenticate to AFS because
unknown cell was passed to SetToken." I expect it's because I don't
actually have an AFS cell running on the kerberos server yet. I did
put an entry in the CellServDB.)
The only major Kerberos implementation I haven't verified
compatibility with now is Windows. I know there is a howto out there
on the subject, so I'm sure it can be done.
> > Should I send comments on the documentation to you or to NetBSD, or both?
>You can send it to me.
1) The man pages generally say #include <krb5/krb5.h>, but you really
need a -I/usr/include/krb5 on the command line because of all the
subsidiary include files needed. That makes #include <krb5.h> a
simpler thing to say. OTOH maybe that means that the krb5.h file
ought to say e.g. <krb5/asn1_err.h> itself.
2) It's obvious that you need -lkrb5 to link. It's not obvious that
you also need -lasn1 -ldes -lroken -lcom_err as well.
I don't actually know if these comments are specific to NetBSD (I'm
running -current as of Jan 4, 2003, 1.6L) or if they are generic for
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@jpl.nasa.gov, or email@example.com