krb5.conf supporting "Kerberos for Macintosh 4.0"
Rich Johnson
rjohnson at dogstar-interactive.com
Tue Mar 19 11:09:25 EST 2002
Hey folks--
I'm trying to use "Kerberos for Macintosh (4.0)" client with a server
from the debian distribution (krb*_1.2.4). Everything is used "just out
of the box" except the .conf files.
I can't get past a "Auth expired" message when I try to get tickets from
Kerberos for Macinosh. I _think_ the problem lies with my krb5.conf,
but I'm not sure how to interpret the log (excerpted below):
Substituting <client> for the inet address and <realm> for my realm;
krb5kdc log reports:
(info):AS_REQ (2 etypes {16 3}) <client>(88):
NEEDED_PREAUTH:rich@<realm> for krbtgt/<realm>@<realm>, Additional
preauthorization required
(info):AS_REQ (2 etypes {16 3}) <client>(88): ISSUE:authtime 1016551882,
etypes {rep=16 tkt=16 ses=16}, rich@<realm> for krbtgt/<realm>@<realm>
(info):PROCESS_V4:Initial ticket request Host: <client> User: "rich" ""
(Error):PROCESS_V4:V5 REQUIRES_PREAUTH set "rich" ""
So, is there a canonical configuration for such a setup?
Or, can anyone point me to a matched set of server (krb5.conf) and
client (Kerberos Preferences) config files?
Thanks,
--rich
More information about the Kerberos
mailing list