MIT-Heimdal interop issues

Sam Hartman hartmans at MIT.EDU
Wed Mar 24 15:32:43 EST 2004


>>>>> "Donn" == Donn Cave <donn at drizzle.com> writes:

    Donn> Quoth digant at uta.edu (Digant Kasundra):
    Donn> | Well, for some reason, I'm not getting good results.  getting a ticket with
    Donn> | kinit on the heimdal side works great if I specify a password.  But when
    Donn> | using a keytab, it will only work if I tell it manually what encryption type
    Donn> | to use, even though ktutil identifies the enc type correctly when listing
    Donn> | the keys in that keytab.
    Donn> |
    Donn> | I think this is the major contributor to my gssapi bind failing on openldap.

    Donn> The way I remember it, Heimdal looks for different keywords in the
    Donn> /etc/krb5.conf configuration file.  I forget which is whose, but ours
    Donn> now looks like

Heimdal is default_etypes; the rest are MIT config values.

But please don't specify any of the above.  None of them should be
needed with even moderately recent versions of the code in a correctly
configured realm.



More information about the Kerberos mailing list