kinit ignores kdc in config file on Mac 10.5

petesea@bigfoot.com petesea at bigfoot.com
Thu Nov 13 18:22:59 EST 2008


On Thu, 13 Nov 2008, Ken Raeburn wrote:

> As to why it would try to contact a host matching the name of the realm, 
> I don't know.  Our basic library code shouldn't do that, but Apple ships 
> a couple of KDC-locating plugins in 
> /System/Library/KerberosPlugins/KerberosFrameworkPlugins which I haven't 
> looked at.  Our library code does allow plugins to override the config 
> file; perhaps one of them is doing so.  Is the Mac joined to a domain?

If by "joined to a domain" you mean there's a DNS entry associated with 
this host, then yes there is... both forward and reverse.

> If not, one of the plugins might be triggering anyways.  I'm not sure if 
> it's safe to move them to another directory or "chmod 0" them, to try to 
> see what's going on.  But doing it only briefly while you've got a 
> command-line window open with a root shell would -- I would *guess* -- 
> not be too risky.

It looks like the culprit is (or is related to):

   /System/Library/KerberosPlugins/KerberosFrameworkPlugins/ODLocate.bundle

If I move ODLocate.bundle to a directory outside its current location 
then kinit works.

But, I've compared all the files (including checksums) under this directory 
to another 10.5 system owned by the same user and they are identical.  So 
the actual problem must be some other library/plugin or config file.

Any idea where else to look?

And any idea what the ODLocate.bundle plugin is for?


