KRB5 1.4 vs. KRB5 1.3.6 on AIX 5.2

Mon Apr 25 12:07:48 EDT 2005

The compile with CC works with no issues.

The other issue still remains.

"Cannot resolve network address for KDC in requested realm while getting
initial credentials"

I tried kinit with the -k and verbose; but not with a password.  I will
post the results once I get it accomplished.

Thanks,

Lamar

-----Original Message-----
From: Tom Yu [mailto:tlyu at MIT.EDU]
Sent: Thursday, April 21, 2005 2:18 PM
To: Saxon, Lamar
Cc: kerberos at mit.edu
Subject: Re: KRB5 1.4 vs. KRB5 1.3.6 on AIX 5.2

>>>>> "Lamar" ==   <Lamar.Saxon at americredit.com> writes:

Lamar> I tested KRB5 1.3.6 on AIX 5.2 using C for AIX and the installed
make.
Lamar> Created a krb5.conf and krb5.keytab to talk to a Windows 2k AD
Domain
Lamar> Controller.  Had no issues, connected and received tickets fine.

Lamar> I recently installed KRB5 1.4 on the same machine after removing
the
Lamar> 1.3.6 footprint.  I encountered an issue seen by others with the
error:

Lamar> "Syntax error at line 1 : `(' is not matched"

Lamar> when using AIX's make; but it seems to work fine using GNU Make.

This was ticket #2992, which will be fixed in the upcoming krb5-1.4.1
release.

Lamar> After compiling and doing a make install, I consistently receive
the
Lamar> following message when using kinit while using the same keytab
and
Lamar> configuration as 1.3.6:

Lamar> "Cannot resolve network address for KDC in requested realm while
getting
Lamar> initial credentials"

This might have been fixed by ticket #2974, which will be included in
the upcoming krb5-1.4.1 release.  Could you please try the
krb5-1.4.1-beta1 distribution to see if that works?  Does kinit using
a password work correctly?  In any case, I doubt it's specific to AIX,
though the possibility does exist.

Lamar> Is there a significant change to krb5.conf between 1.3.6 and 1.4
?  The
Lamar> binaries seem to work fine; but it does not look like it is even
looking
Lamar> at the krb5.conf file.  I can change the name or move it and the
message
Lamar> stays the same.  I have tried disabling DNS for realm and kdc;
put
Lamar> master_kdc in the entries; but still does not even act like it is
Lamar> looking at this file.

There have been some changes to the SRV record handling code, I think.

---Tom

Privileged and Confidential.  This e-mail, and any attachments there to, is intended only for use by the addressee(s) named herein and may contain privileged or confidential information.  If you have received this e-mail in error, please notify me immediately by a return e-mail and delete this e-mail.  You are hereby notified that any dissemination, distribution or copying of this e-mail and/or any attachments thereto, is strictly prohibited.