Error - KDC reply did not match expectations
Ken Weaverling
weave at navajo.dtcc.edu
Mon Feb 9 15:06:48 EST 2004
In article <pan.2004.02.09.15.50.53.911156 at lukeshouse.homeunix.org>,
Luke Scharf <lscharf at lukeshouse.homeunix.org> wrote:
>
>Does anyone know what this message really means? Also, does anyone know
>what changed with the kerberos implementation between RH9 and FC1?
FC1 uses kerberos 1.3.1 where RH9 used kerberos 1.2.7 -- also 1.2.7
works with windows 2003 server, where 1.2.7 doesn't (due to lack of
support for tcp in addition to udp responses)
>P.S. The FC1 machine is running pam_krb5-2.0.4-1 RPM and the RH9 machine is
>running the pam_krb5-1.60-1 RPM.
I had the same error as you did after trying to manually upgrade my
RHEL 3 box (based on kerberos 1.2.7 and pam_krb5-1.7) to the fedora
core packages (on rhel 3). I recompiled pam_krb5 1.7 from RHEL 3
sources against the newer kerberos libs, and it started working again.
I don't know if it's a problem with pam_krb5-2.0.4 or not. That's just
what I saw and what worked for me.
If all else fails and you don't get a better answer here, grab the
RHEL 3 pam_krb5 source (those are on the redhat ftp site, not the
binaries), and "rpmbuild --rebuild pam_krb5*.rpm" (whatever the rpm
file name is) and then install the binary that it places in
/usr/src/redhat/RPMS/i386 -- you probably will want to rpm -e the old
pam_krb5 and also reboot. (pam modules need to be registered or
something, and I don't know how to do that without a reboot although
I'm sure there must be a way...)
Note, I'm just a kerberos newbie, forced to know more by problems we
had, so feel free to get second and third opinions here first! :)
--
Ken Weaverling (ken a.t weaverling.org) WHOIS: KJW http://www.weaverling.org/
- - - - - - - - - - - - - - - - - -
Note: From address in posting is legit and may be replied to, but my reply may
be delayed since that address gets a lot of spam and I have to sort thru it :-(
More information about the Kerberos
mailing list