MIT-Heimdal interop issues

Digant Kasundra digant at uta.edu
Tue Mar 23 18:12:11 EST 2004


Well, for some reason, I'm not getting good results.  Getting a ticket with
kinit on the Heimdal side works great if I specify a password.  But when
using a keytab, it will only work if I tell it manually what encryption type
to use, even though ktutil identifies the enc type correctly when listing
the keys in that keytab.

I think this is the major contributor to my GSSAPI bind failing on OpenLDAP.

Do you remember any other special tricks you had to do to make the two work
together more "seamlessly"?

-----Original Message-----
From: Sam Hartman
To: Digant Kasundra
Cc: 'kerberos at mit.edu'
Sent: 3/23/2004 4:50 PM
Subject: Re: MIT-Heimdal interop issues

>>>>> "Digant" == Digant Kasundra <digant at uta.edu> writes:

    Digant> Hello everyone, Has anyone here had the experience of
    Digant> getting MIT Kerb5 and Heimdal to interoperate?  We are
    Digant> testing out MIT KDCs and we have compiled our OpenLDAP
    Digant> machines against Heimdal.

Yes.  Our interop tests with Heimdal tend to work fairly well.

If you are using single DES keys, use des-cbc-crc on both sides to
avoid some problems you might run into with other single DES enctypes.

Everything other than DES should just work.

