KRB5 1.4 vs. KRB5 1.3.6 on AIX 5.2

Tue Apr 26 14:38:24 EDT 2005

Downloaded KRB5 1.4.1 and the installation worked great with GCC and AIX
make.  None of the problems that were encountered with 1.4.0 and the
unbalanced "(".

The problem with:

/usr/local/kerberos/bin/kinit -V
kinit(v5): Cannot resolve network address for KDC in requested realm
while getting initial credentials

still exist.  If I force it to version 4 KRB it seems to work with the
krb5.conf:

/usr/local/kerberos/bin/kinit -4 xxxxxxx
Password for xxxxxx at xxx.xxxxxxxxxx.xxx:
kinit(v4): Can't send request (send_to_kdc)

The krb5.conf file is the same file that worked with the 1.3.6 version
of KRB5.  It does not seem to work with KRB 1.4 or 1.4.1.  Any one
having similar problems or solutions ?

Thanks,
Lamar

-----Original Message-----
From: Saxon, Lamar
Sent: Monday, April 25, 2005 11:08 AM
To: 'Tom Yu'
Cc: kerberos at mit.edu
Subject: RE: KRB5 1.4 vs. KRB5 1.3.6 on AIX 5.2

The compile with CC works with no issues.

The other issue still remains.

"Cannot resolve network address for KDC in requested realm while getting
initial credentials"

I tried kinit with the -k and verbose; but not with a password.  I will
post the results once I get it accomplished.

Thanks,

Lamar

-----Original Message-----
From: Tom Yu [mailto:tlyu at MIT.EDU]
Sent: Thursday, April 21, 2005 2:18 PM
To: Saxon, Lamar
Cc: kerberos at mit.edu
Subject: Re: KRB5 1.4 vs. KRB5 1.3.6 on AIX 5.2

>>>>> "Lamar" ==   <Lamar.Saxon at americredit.com> writes:

Lamar> I tested KRB5 1.3.6 on AIX 5.2 using C for AIX and the installed
make.
Lamar> Created a krb5.conf and krb5.keytab to talk to a Windows 2k AD
Domain
Lamar> Controller.  Had no issues, connected and received tickets fine.

Lamar> I recently installed KRB5 1.4 on the same machine after removing
the
Lamar> 1.3.6 footprint.  I encountered an issue seen by others with the
error:

Lamar> "Syntax error at line 1 : `(' is not matched"

Lamar> when using AIX's make; but it seems to work fine using GNU Make.

This was ticket #2992, which will be fixed in the upcoming krb5-1.4.1
release.

Lamar> After compiling and doing a make install, I consistently receive
the
Lamar> following message when using kinit while using the same keytab
and
Lamar> configuration as 1.3.6:

Lamar> "Cannot resolve network address for KDC in requested realm while
getting
Lamar> initial credentials"

This might have been fixed by ticket #2974, which will be included in
the upcoming krb5-1.4.1 release.  Could you please try the
krb5-1.4.1-beta1 distribution to see if that works?  Does kinit using
a password work correctly?  In any case, I doubt it's specific to AIX,
though the possibility does exist.

Lamar> Is there a significant change to krb5.conf between 1.3.6 and 1.4
?  The
Lamar> binaries seem to work fine; but it does not look like it is even
looking
Lamar> at the krb5.conf file.  I can change the name or move it and the
message
Lamar> stays the same.  I have tried disabling DNS for realm and kdc;
put
Lamar> master_kdc in the entries; but still does not even act like it is
Lamar> looking at this file.

There have been some changes to the SRV record handling code, I think.

---Tom

Privileged and Confidential.  This e-mail, and any attachments there to, is intended only for use by the addressee(s) named herein and may contain privileged or confidential information.  If you have received this e-mail in error, please notify me immediately by a return e-mail and delete this e-mail.  You are hereby notified that any dissemination, distribution or copying of this e-mail and/or any attachments thereto, is strictly prohibited.