[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Incompatibility between latest snapshot and version 0.6
Today, I grabbed the latest Heimdal source code snapshot and compiled
it exactly the same way I did with my current production version.
When I try to use "kinit" from the new version, I get
the error message "Password incorrect" and the kdc.log shows:
Looking for pa-data -- alfw@SLAC.STANFORD.EDU
No client key matching pa-data (18) -- alfw@SLAC.STANFORD.EDU
No client key matching pa-data (17) -- alfw@SLAC.STANFORD.EDU
No client key matching pa-data (des3-cbc-sha1) -- alfw@SLAC.STANFORD.EDU
No client key matching pa-data (des3-cbc-md5) -- alfw@SLAC.STANFORD.EDU
No client key matching pa-data (arcfour-hmac-md5) -- alfw@SLAC.STANFORD.EDU
Failed to decrypt PA-DATA -- alfw@SLAC.STANFORD.EDU
This happens even if I force the encryption type.
My kdc has for each principal three keys stored:
des-cbc-md5(afs3-salt(slac.stanford.edu)),
des-cbc-md4(afs3-salt(slac.stanford.edu)),
des-cbc-crc(afs3-salt(slac.stanford.edu))
The problem seems to have to do with the new OpenSSL but I am not sure.
Is there a way to make the new Heimdal client binaries (all, not just
kinit) work with a Heimdal-0.6 kdc?
Many thanks,
Alf.
-----------------------------------------------------------------------
Alf Wachsmann | e-mail: alfw@slac.stanford.edu
SLAC Computing Service | Phone: +1-650-926-4802
2575 Sand Hill Road, M/S 97 | FAX: +1-650-926-3329
Menlo Park, CA 94025, USA | Office: Bldg. 50/323
-----------------------------------------------------------------------
http://www.slac.stanford.edu/~alfw (PGP)
-----------------------------------------------------------------------