KRB5 1.4 vs. KRB5 1.3.6 on AIX 5.2
Tom Yu
tlyu at MIT.EDU
Thu Apr 21 15:17:45 EDT 2005
>>>>> "Lamar" == <Lamar.Saxon at americredit.com> writes:
Lamar> I tested KRB5 1.3.6 on AIX 5.2 using C for AIX and the installed make.
Lamar> Created a krb5.conf and krb5.keytab to talk to a Windows 2k AD Domain
Lamar> Controller. Had no issues, connected and received tickets fine.
Lamar> I recently installed KRB5 1.4 on the same machine after removing the
Lamar> 1.3.6 footprint. I encountered an issue seen by others with the error:
Lamar> "Syntax error at line 1 : `(' is not matched"
Lamar> when using AIX's make; but it seems to work fine using GNU Make.
This was ticket #2992, which will be fixed in the upcoming krb5-1.4.1
release.
Lamar> After compiling and doing a make install, I consistently receive the
Lamar> following message when using kinit while using the same keytab and
Lamar> configuration as 1.3.6:
Lamar> "Cannot resolve network address for KDC in requested realm while getting
Lamar> initial credentials"
This might have been fixed by ticket #2974, which will be included in
the upcoming krb5-1.4.1 release. Could you please try the
krb5-1.4.1-beta1 distribution to see if that works? Does kinit using
a password work correctly? In any case, I doubt it's specific to AIX,
though the possibility does exist.
Lamar> Is there a significant change to krb5.conf between 1.3.6 and 1.4 ? The
Lamar> binaries seem to work fine; but it does not look like it is even looking
Lamar> at the krb5.conf file. I can change the name or move it and the message
Lamar> stays the same. I have tried disabling DNS for realm and kdc; put
Lamar> master_kdc in the entries; but still does not even act like it is
Lamar> looking at this file.
There have been some changes to the SRV record handling code, I think.
---Tom
More information about the Kerberos
mailing list