Re: Mixing heimdal and MIT clients.
--On Monday, 14 Jan 2008 14.49.22 -0600 "Timothy J. Miller"
<tmiller@mitre.org> wrote:
> Q for the list:
>
> If I'm using heimdal to obtain the TGT, should another client linked
> against MIT be able to read the ccache and fetch a service ticket? I ask
> because from what I've read I think it should, but for the life of me I
> can't get it to work.

It works here. OS X, first klist invocation is MIT, second is Heimdal:

rasmus:~ mansaxel$ /usr/bin/klist
Kerberos 5 ticket cache: 'API:0'
Default principal: mansaxel@KTHNOC.NET

Valid Starting     Expires            Service Principal
01/15/08 06:23:54  01/15/08 16:23:14  krbtgt/KTHNOC.NET@KTHNOC.NET
01/15/08 06:24:01  01/15/08 16:23:14  krbtgt/BESSERWISSER.ORG@KTHNOC.NET
01/15/08 06:24:07  01/15/08 16:23:14  afs@BESSERWISSER.ORG
01/15/08 06:24:11  01/15/08 16:23:14  host/bardisk.kthnoc.net@KTHNOC.NET

klist: No Kerberos 4 tickets in credentials cache
rasmus:~ mansaxel$ /usr/heimdal/bin/klist
Credentials cache: API:0
        Principal: mansaxel@KTHNOC.NET

  Issued           Expires          Principal
Jan 15 06:23:54  Jan 15 16:23:14  krbtgt/KTHNOC.NET@KTHNOC.NET
Jan 15 06:24:01  Jan 15 16:23:14  krbtgt/BESSERWISSER.ORG@KTHNOC.NET
Jan 15 06:24:07  Jan 15 16:23:14  afs@BESSERWISSER.ORG
Jan 15 06:24:11  Jan 15 16:23:14  host/bardisk.kthnoc.net@KTHNOC.NET
rasmus:~ mansaxel$

> Scenario: logins with pam_krb5 (linked against heimdal-1.0.1) and an AD
> KDC. Clients (Firefox and smbclient, frex) linked against MIT 1.6.
Do simpler things like the klist above work? Do the enctypes match; can all
involved use all enctypes? Do you have logs from the kdc? Can you see
whether the client tries to talk to the kdc?
Questions, questions. Maybe one of them gets you thinking...
Regards,
--
Måns Nilsson Systems Specialist
+46 70 681 7204 cell KTHNOC
+46 8 790 6518 office MN1334-RIPE
On the road, ZIPPY is a pinhead without a purpose, but never without a
POINT.
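
Added example, not part of the original message: a small Python parser for the "do simpler things like the klist above work?" check, which normalises the MIT and Heimdal klist layouts shown in the post and reports tickets that only one implementation sees in the shared cache. It assumes exactly those two layouts (MIT dates as MM/DD/YY, Heimdal dates without a year); parse_klist and compare_views are hypothetical helper names, and the sample input is trimmed from the output above.

```python
import re

MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()
# MIT row (assumed MM/DD/YY): "01/15/08 06:23:54  01/15/08 16:23:14  service"
MIT_ROW = re.compile(r"^(\d\d)/(\d\d)/\d\d (\d\d:\d\d:\d\d)\s+\S+ \S+\s+(\S+)$")
# Heimdal row: "Jan 15 06:23:54  Jan 15 16:23:14  service"; an expired
# ticket shows ">>>Expired<<<" in the second column.
HEIMDAL_ROW = re.compile(
    r"^([A-Z][a-z]{2}) +(\d+) (\d\d:\d\d:\d\d)\s+(?:\S+ +\d+ \S+|>>>Expired<<<)\s+(\S+)$")
PRINCIPAL = re.compile(r"^(?:Default principal|Principal):\s*(\S+)$")

def parse_klist(text):
    """Return (default principal, {("MM-DD hh:mm:ss" issued, service), ...})."""
    principal, tickets = None, set()
    for line in text.splitlines():
        line = line.strip()
        if m := PRINCIPAL.match(line):
            principal = m[1]
        elif m := MIT_ROW.match(line):
            tickets.add((f"{m[1]}-{m[2]} {m[3]}", m[4]))
        elif (m := HEIMDAL_ROW.match(line)) and m[1] in MONTHS:
            month = MONTHS.index(m[1]) + 1
            tickets.add((f"{month:02d}-{int(m[2]):02d} {m[3]}", m[4]))
    return principal, tickets

def compare_views(mit_text, heimdal_text):
    """Report what each implementation sees in the cache that the other does not."""
    mit_p, mit_t = parse_klist(mit_text)
    hei_p, hei_t = parse_klist(heimdal_text)
    return {"same_principal": mit_p == hei_p,
            "only_mit": sorted(mit_t - hei_t),
            "only_heimdal": sorted(hei_t - mit_t)}

# Sample input: trimmed from the two klist runs in the message above.
MIT_SAMPLE = """\
Default principal: mansaxel@KTHNOC.NET
Valid Starting     Expires            Service Principal
01/15/08 06:23:54  01/15/08 16:23:14  krbtgt/KTHNOC.NET@KTHNOC.NET
01/15/08 06:24:07  01/15/08 16:23:14  afs@BESSERWISSER.ORG
"""
HEIMDAL_SAMPLE = """\
        Principal: mansaxel@KTHNOC.NET
  Issued           Expires          Principal
Jan 15 06:23:54  Jan 15 16:23:14  krbtgt/KTHNOC.NET@KTHNOC.NET
Jan 15 06:24:07  Jan 15 16:23:14  afs@BESSERWISSER.ORG
"""

if __name__ == "__main__":
    print(compare_views(MIT_SAMPLE, HEIMDAL_SAMPLE))
```

An empty only_mit and only_heimdal with same_principal true means both libraries read the same cache contents, which moves the investigation on to the enctype and KDC-log questions.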