Disabling Kerberos 5-to-4 ticket conversion
Matthew X. Economou
xenophon+usenet at irtnog.org
Fri Dec 27 08:58:37 EST 2002
I have a DECstation running NetBSD 1.6 configured to authenticate
users against an Active Directory domain. "kinit" and friends work as
expected, but I keep getting the following error:
kinit: converting creds: Cannot contact any KDC for requested realm
I didn't find anything pertinent in the manual pages for krb5.conf and
krb5_524_conv_principal (which only told me how to configure the
conversion settings, not how to deactivate it). Can anyone tell me
how to disable ticket conversion? I'm assuming it's a one-liner in
/etc/krb5.conf.
I believe NetBSD uses Heimdal Kerberos, not MIT.
My current krb5.conf looks like this:
[libdefaults]
default_realm=YOYODYNE.COM
default_etypes=des-cbc-crc
default_etypes_des=des-cbc-crc
[realms]
IRTNOG.ORG={
kdc=dc1.yoyodyne.com:88
kdc=dc2.yoyodyne.com:88
kdc=dc3.yoyodyne.com:88
}
[domain_realm]
.yoyodyne.com=YOYODYNE.COM
[logging]
default=SYSLOG:INFO:USER
kdc=SYSLOG:INFO
Kind regards,
Matthew
--
Matthew X. Economou <xenophon at irtnog.org> - Unsafe at any clock speed!
I'm proud of my Northern Tibetian heritage! (http://www.subgenius.com)
"The reason that ed is the standard editor is to remind you that things
could be worse, and once were." -- Tim Lavoie in comp.lang.lisp
More information about the Kerberos
mailing list