problem with the kinit_prompter in kfw 2.5

Alexandra Ellwood lxs at MIT.EDU
Mon Feb 16 23:26:28 EST 2004


>I have hard time to get the posix prompter to run under kfw 2.5. Here is the
>scenario:
>- kfw 2.5 on Windows 2000/XP (with all the service packs/hotfixes/patches)
>- user with the expired password tries to initialized tickets v.5 via kinit:
>
>	kinit -5
>
>The result of the above is
>  "Cannot find KDC for requested realm" (KRB5_REALM_UNKNOWN (-1765328230L).
>Shouldn't it run knit_prompter instead (which eventually should call
>krb5_prompter_posix) giving user an opportunity to change the password? At
>least that is what used to happen in previous version (kfw 2.1.2 for sure). Am
>I missing something here?

If you have DNS SRV record lookups turned off (either because they 
are compiled out or if you have dns_fallback=no in your libdefaults), 
this is probably a known bug (RT #1721 "get_init_creds_password: DNS 
SRV off causes bogus REALM_UNKNOWN").  This bug should be fixed in 
the next version of KfW (the one based on krb5-1.3.2).


You can download a beta of kfw-2.6 to make sure it's fixed: 
<http://web.mit.edu/kerberos/www/dist/testing.html#kfw-2.6>


Hope this helps,

-- 
--lxs
-----------------------------------------------------------------------------
Alexandra Ellwood                                               <lxs at mit.edu>
MIT Information Services & Technology                 http://mit.edu/lxs/www/
-----------------------------------------------------------------------------


More information about the Kerberos mailing list