krb5.conf supporting "Kerberos for Macintosh 4.0"

Rich Johnson rjohnson at dogstar-interactive.com
Tue Mar 19 11:09:25 EST 2002


Hey folks--

I'm trying to use "Kerberos for Macintosh (4.0)" client with a server
from the debian distribution (krb*_1.2.4).  Everything is used "just out
of the box" except the .conf files.  

I can't get past a "Auth expired" message when I try to get tickets from
Kerberos for Macinosh.   I _think_ the problem lies with my krb5.conf,
but I'm not sure how to interpret the log (excerpted below):

Substituting <client> for the inet address and <realm> for my realm; 
krb5kdc log reports:

(info):AS_REQ (2 etypes {16 3}) <client>(88):
NEEDED_PREAUTH:rich@<realm> for krbtgt/<realm>@<realm>, Additional
preauthorization required
(info):AS_REQ (2 etypes {16 3}) <client>(88): ISSUE:authtime 1016551882,
etypes {rep=16 tkt=16 ses=16}, rich@<realm> for krbtgt/<realm>@<realm> 
(info):PROCESS_V4:Initial ticket request Host: <client> User: "rich" "" 
(Error):PROCESS_V4:V5 REQUIRES_PREAUTH set "rich" ""

So, is there a canonical configuration for such a setup?
Or, can anyone point me to a matched set of server (krb5.conf) and
client (Kerberos Preferences) config files?

Thanks,
--rich



More information about the Kerberos mailing list