How to Force a Kerb 4 Request

Henry B. Hotz hotz at jpl.nasa.gov
Tue Nov 23 19:11:59 EST 2004 

Looks like Heimdal, not MIT.  What do you get with "kinit --version"?   
(Heimdal will print a version message.  MIT will ignore the option and  
just try to authenticate you anyway.)

I was looking for an MIT equivalent, which I suspect might not exist.

On Nov 23, 2004, at 1:32 PM, Rachel Elizabeth Dillon wrote:

> From the kinit manpage in the most recent Debian version, which is  
> 1.3.x:
>
> OPTIONS
>        -5     get Kerberos 5 tickets.  This overrides whatever the  
> default
> 		built-in behavior may be.  This option may be used with -4
>
>        -4     get  Kerberos 4 tickets.  This overrides whatever the  
> default
> 		built-in behavior may be.  This option is only available if
> 		kinit was built with Kerberos 4 compatibility.  This option
> 		may be used with -5
>
> I don't have a test server for Kerberos 4, but it works fine with my  
> MIT
> account.  Check your build for Kerberos 4 compatibility?
>
> Best of luck,
>
> -r.
>
> On Tue, Nov 23, 2004 at 01:26:24PM -0800, Henry B. Hotz wrote:
>> It appears that with 1.3.x you can't force it to make a kerberos 4  
>> auth
>> request.  I've tried putting only info in the [v4 realms]-like  
>> sections
>> and disabling the DNS lookup on OSX 10.3, but then a kinit just fails.
>>
>> Is there any MIT equivalent to Heimdal kinit -4?
>>
>> Yes, I know this is a *BAD* idea and you-all hate it.  I just have a
>> test case I need to support.
>> ---------------------------------------------------------------------- 
>> --
>> ----
>> The opinions expressed in this message are mine,
>> not those of Caltech, JPL, NASA, or the US Government.
>> Henry.B.Hotz at jpl.nasa.gov, or hbhotz at oxy.edu
>>
>> ________________________________________________
>> Kerberos mailing list           Kerberos at mit.edu
>> https://mailman.mit.edu/mailman/listinfo/kerberos
>>
------------------------------------------------------------------------ 
----
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz at jpl.nasa.gov, or hbhotz at oxy.edu

More information about the Kerberos mailing list