Hemidal and MIT Kerberos Compatibility

Jeffrey Hutzelman jhutz at cmu.edu
Fri Dec 19 15:48:37 EST 2003



On Friday, December 19, 2003 10:26:58 -0500 xiongj at rpi.edu wrote:

> Hi everyone!
>
> Does anyone know the extent of Heimdal and MIT Kerberos compatibility?
>
> I have an MIT Kerberos KDC on RedHat that works with other MIT Kerberos
> kadmin's, but when I try to add a host via kadmin from SuSE's Heimdal and
> it is getting:
>
> kadmin> add -r host/host1.jin.com
> jin/admin at JIN.COM's Password:
> Max ticket life [unlimited]:
> Max renewable life [unlimited]:
> Principal expiration time [never]:
> Password expiration time [never]:
> Attributes []:
> jin/admin at JIN.COM's Password:
> kadmin: kadm5_create_principal: Bad response (during sendauth exchange)
> jin/admin at JIN.COM's Password:
> kadmin: kadm5_randkey_principal: Bad response (during sendauth exchange)
> Segmentation fault
>
> I'm using MIT Kerberos version 1.2.7, and Heimdal version 0.3e.

Heimdal and MIT krb5 interoperate quite well with regard to the Kerberos 
protocol itself.  They also have pretty good API compatibility (though not 
perfect).  However, they use completely different administrative protocols 
which do not interoperate.  As far as I know, neither group has any plans 
to support the other's current admin protocols.  There is hope for the 
future, though, in the form of an ongoing effort to develop a common 
administrative interface.




More information about the Kerberos mailing list