problem with the kinit_prompter in kfw 2.5
Alexandra Ellwood
lxs at MIT.EDU
Mon Feb 16 23:26:28 EST 2004
>I have hard time to get the posix prompter to run under kfw 2.5. Here is the
>scenario:
>- kfw 2.5 on Windows 2000/XP (with all the service packs/hotfixes/patches)
>- user with the expired password tries to initialized tickets v.5 via kinit:
>
> kinit -5
>
>The result of the above is
> "Cannot find KDC for requested realm" (KRB5_REALM_UNKNOWN (-1765328230L).
>Shouldn't it run knit_prompter instead (which eventually should call
>krb5_prompter_posix) giving user an opportunity to change the password? At
>least that is what used to happen in previous version (kfw 2.1.2 for sure). Am
>I missing something here?
If you have DNS SRV record lookups turned off (either because they
are compiled out or if you have dns_fallback=no in your libdefaults),
this is probably a known bug (RT #1721 "get_init_creds_password: DNS
SRV off causes bogus REALM_UNKNOWN"). This bug should be fixed in
the next version of KfW (the one based on krb5-1.3.2).
You can download a beta of kfw-2.6 to make sure it's fixed:
<http://web.mit.edu/kerberos/www/dist/testing.html#kfw-2.6>
Hope this helps,
--
--lxs
-----------------------------------------------------------------------------
Alexandra Ellwood <lxs at mit.edu>
MIT Information Services & Technology http://mit.edu/lxs/www/
-----------------------------------------------------------------------------
More information about the Kerberos
mailing list