Hemidal and MIT Kerberos Compatibility
Jeffrey Hutzelman
jhutz at cmu.edu
Fri Dec 19 15:48:37 EST 2003
On Friday, December 19, 2003 10:26:58 -0500 xiongj at rpi.edu wrote:
> Hi everyone!
>
> Does anyone know the extent of Heimdal and MIT Kerberos compatibility?
>
> I have an MIT Kerberos KDC on RedHat that works with other MIT Kerberos
> kadmin's, but when I try to add a host via kadmin from SuSE's Heimdal and
> it is getting:
>
> kadmin> add -r host/host1.jin.com
> jin/admin at JIN.COM's Password:
> Max ticket life [unlimited]:
> Max renewable life [unlimited]:
> Principal expiration time [never]:
> Password expiration time [never]:
> Attributes []:
> jin/admin at JIN.COM's Password:
> kadmin: kadm5_create_principal: Bad response (during sendauth exchange)
> jin/admin at JIN.COM's Password:
> kadmin: kadm5_randkey_principal: Bad response (during sendauth exchange)
> Segmentation fault
>
> I'm using MIT Kerberos version 1.2.7, and Heimdal version 0.3e.
Heimdal and MIT krb5 interoperate quite well with regard to the Kerberos
protocol itself. They also have pretty good API compatibility (though not
perfect). However, they use completely different administrative protocols
which do not interoperate. As far as I know, neither group has any plans
to support the other's current admin protocols. There is hope for the
future, though, in the form of an ongoing effort to develop a common
administrative interface.
More information about the Kerberos
mailing list