krb1.2.3 on win2k using win2k active directory
David Bailey
D.Bailey at Bristol.ac.uk
Mon Mar 18 08:54:59 EST 2002
Hi,
The subjects says it all, and may sound crazy, but I'm just trying to get to
grips with the practicalities of krb5...
I'm confused by the errors I'm getting with the following test - it's almost
certainly a problem with my understanding but any help would be appreciated.
I've built a vanilla release of MIT krb5 1.2.3 on win2k (SP2, MS VC 6.0 SP 5
and the latest SDK) following the src\windows\README instructions. Build
options are NODEBUG=1 and KRB5_DNS_LOOKUP=1. The build completes with no
problems.
I then point the clients at our win2k DC using the following krb5.ini
(krb5.conf for non MS people):
[libdefaults]
default_realm = MYREALM.BRIS.AC.UK
default_tkt_enctypes = des-cbc-crc
default_tgs_enctypes = des-cbc-crc
[realms]
MYREALM.BRIS.AC.UK = {
kdc = mydc.phy.bris.ac.uk
default_domain = myrealm.bris.ac.uk
}
[domain_realm]
.myrealm.bris.ac.uk = MYREALM.BRIS.AC.UK
myrealm.bris.ac.uk = MYREALM.BRIS.AC.UK
(real machine names and realms removed in the above)
Using kinit with a valid principal (a user) in the domain returns the
folowing error:
kinit.exe(v5): KDC has no support for encryption type while getting initial
credentials
which has me confused. Is this because I've not installed a keytab on the
machine I'm trying to authenticate from or is there something I'm missing?
Any suggestions?
Cheers,
Dave
More information about the Kerberos
mailing list