Network address resolution problem on AIX

Claus Lund clund at tax.state.vt.us
Fri Aug 26 07:40:00 EDT 2005


Thank you to everybody who responded!
It seems there is a problem when using Kerberos 1.4.x and AIX 5.2. I tried
compiling 1.3.6 and everything worked right out of the box... I'll see if I
can find the time to play with the patches that Milton pointed me to ... or
else I'll just have to stay with the 1.3 series until AIX and/or the 1.4
series is fixed.

Thank you!
Claus
  -----Original Message-----
  From: Milton Turley [mailto:mturley at lanl.gov]
  Sent: Thursday, August 25, 2005 9:48 AM
  To: Claus Lund
  Subject: Re: Network address resolution problem on AIX


  There are several patches for AIX using kerberos.  This particular patch
is at

  http://www.mail-archive.com/kerberos@mit.edu/msg08307.html

  There are 3 others needed to make kerberos work with AIX 5.2.


  Milton

  At 02:29 PM 8/24/2005, you wrote:

    I have struggled with this for almost two days now and I just can't seem
to
    get past this hurdle... Hopefully somebody out there will say: "Duh,
you're
    doing XYZ wrong!".
    I keep getting a "kinit(v5): Cannot resolve network address for KDC in
    requested realm while getting initial credentials" error when I run
kinit.

    System:
    AIX5.2 ML6
    gcc version 3.3.2

    Building Kerberos:
    root at tax178:/tmp/kerberos/krb5-1.4.2/src
     # ./configure --without-krb4 --disable-athena --prefix=/usr/local

    I get some warnings during compilation but it seems to finish. When I
run
    make test it goes through a bunch of it and then finishes with an error
(at
    the bottom of this mail) but I think I read somewhere that there were
some
    extra requirements for the final tests and failing them does not
necessarily
    mean that there is anything wrong.

    I install it and create /etc/krb5.conf:
    [libdefaults]
            default_realm = TESTDOMAIN.TAX.STATE.VT.US

    [realms]
            TESTDOMAIN.TAX.STATE.VT.US = {
                    kdc = tax106.testdomain.tax.state.vt.us
            }

    [domain_realms]
            .testdomain.tax.state.vt.us = TESTDOMAIN.TAX.STATE.VT.US

    The KDC is a Windows 2000 AD server.
    At this point I try to run kinit and get the following error:
     # kinit clund at TESTDOMAIN.TAX.STATE.VT.US
    kinit(v5): Cannot resolve network address for KDC in requested realm
while
    getting initial credentials

    But as far as I can tell everything is alright on the DNS side. Running
the
    resolve program seems to agree:
    root at tax178:/tmp/kerberos/krb5-1.4.2/src
     # ./tests/resolve/resolve tax106
    Hostname:  tax106
    Host address: 10.0.89.130
    FQDN: tax106.testdomain.tax.state.vt.us
    Resolve library appears to have passed the test
    root at tax178:/tmp/kerberos/krb5-1.4.2/src
     # ./tests/resolve/resolve tax106.testdomain.tax.state.vt.us
    Hostname:  tax106.testdomain.tax.state.vt.us
    Host address: 10.0.89.130
    FQDN: tax106.testdomain.tax.state.vt.us
    Resolve library appears to have passed the test

    Thanks in advance,
    Claus

    Part of the "make test" output:
    Running test (ATHENA.MIT.EDU) (/COM/HP/APOLLO) (,EDU,/COM,), expecting
error
    ...
    Expected error found.

    Running test (ATHENA.MIT.EDU) (/COM/HP/APOLLO) (,EDU, /COM,) ...
    Got: /COM /COM/HP EDU MIT.EDU
    Exp: /COM /COM/HP EDU MIT.EDU

    Running test (ATHENA.MIT.EDU) (CS.CMU.EDU) (,EDU,) ...
    Got: CMU.EDU EDU MIT.EDU
    Exp: CMU.EDU EDU MIT.EDU

    Running test (XYZZY.ATHENA.MIT.EDU) (XYZZY.CS.CMU.EDU) (,EDU,) ...
    Got: ATHENA.MIT.EDU CMU.EDU CS.CMU.EDU EDU MIT.EDU
    Exp: ATHENA.MIT.EDU CMU.EDU CS.CMU.EDU EDU MIT.EDU

    Success.
    Target "check" is up to date.
    making check in lib/krb5/os...
            gcc -DPACKAGE_NAME=\"\" -DPACKAGE_TARNAME=\"\" -DPACKAGE_VERSION
=\"\
    " -DPACKAGE_STRING=\"\" -DPACKAGE_BUGREPORT=\"\" -DHAVE_BT_RSEQ=1 -DKRB5
_PRI
    VATE=1 -DKRB5_DEPRECATED=1 -DKRB5_DNS_LOOKUP_KDC=1 -DKRB5_DNS_LOOKUP=1 -
DHAV
    E_RES_SEARCH=1 -DHAVE_NS_INITPARSE=1 -DHAVE_NS_NAME_UNCOMPRESS=1 -DHAVE_
DN_S
    KIPNAME=1 -DDELAY_INITIALIZER=1 -DCONSTRUCTOR_ATTR_WORKS=1 -DDESTRUCTOR_
ATTR
    _WORKS=1 -DUSE_LINKER_FINI_OPTION=1 -DENABLE_THREADS=1 -DHAVE_PTHREAD=1 
-DHA
    VE_PTHREAD_ONCE=1 -DHAVE_PTHREAD_RWLOCK_INIT=1 -DHAVE_PTHREAD_RWLOCK_INI
T_IN
    _THREAD_LIB=1 -DSTDC_HEADERS=1 -DHAVE_SYS_TYPES_H=1 -DHAVE_SYS_STAT_H=1 
-DHA
    VE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_MEMORY_H=1 -DHAVE_STRINGS_H=1 -DH
AVE_
    INTTYPES_H=1 -DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1 -DHAVE_REGCOMP=1 -DHAVE
_RE_
    COMP=1 -DHAVE_RE_EXEC=1 -DHAVE_REGEXEC=1 -DPOSIX_SIGTYPE=1 -Dkrb5_sigtyp
e=vo
    id -DPOSIX_SIGNALS=1 -DHAVE_SA_LEN=1 -DGETPEERNAME_ARG2_TYPE=GETSOCKNAME
_ARG
    2_TYPE -DGETPEERNAME_ARG3_TYPE=GETSOCKNAME_ARG3_TYPE -DGETSOCKNAME_ARG2_
TYPE
    =struct\
    sockaddr -DGETSOCKNAME_ARG3_TYPE=size_t   -I../../../include -I./../../.
./in
    clude  -I../../../include/krb5 -I./../../../include/krb5    -g -O2 -Wall
 -Wm
    issing-prototypes -Wcast-qual  -Wcast-align -Wconversion -Wshadow -pedan
tic
    -D_THREAD_SAFE   -c t_std_conf.c
            gcc -L../../../lib -Wl,-blibpath:/usr/local/lib::/usr/lib:/lib -
g -O
    2 -Wall -Wmissing-prototypes -Wcast-qual  -Wcast-align -Wconversion -Wsh
adow
     -pedantic -D_THREAD_SAFE   -o t_std_conf t_std_conf.o def_realm.o
    get_krbhst.o realm_dom.o  hst_realm.o init_os_ctx.o locate_kdc.o
    nsglue.o  -lkrb5 -lk5crypto -lcom_err -lkrb5support  -lpthreads
            gcc -DPACKAGE_NAME=\"\" -DPACKAGE_TARNAME=\"\" -DPACKAGE_VERSION
=\"\
    " -DPACKAGE_STRING=\"\" -DPACKAGE_BUGREPORT=\"\" -DHAVE_BT_RSEQ=1 -DKRB5
_PRI
    VATE=1 -DKRB5_DEPRECATED=1 -DKRB5_DNS_LOOKUP_KDC=1 -DKRB5_DNS_LOOKUP=1 -
DHAV
    E_RES_SEARCH=1 -DHAVE_NS_INITPARSE=1 -DHAVE_NS_NAME_UNCOMPRESS=1 -DHAVE_
DN_S
    KIPNAME=1 -DDELAY_INITIALIZER=1 -DCONSTRUCTOR_ATTR_WORKS=1 -DDESTRUCTOR_
ATTR
    _WORKS=1 -DUSE_LINKER_FINI_OPTION=1 -DENABLE_THREADS=1 -DHAVE_PTHREAD=1 
-DHA
    VE_PTHREAD_ONCE=1 -DHAVE_PTHREAD_RWLOCK_INIT=1 -DHAVE_PTHREAD_RWLOCK_INI
T_IN
    _THREAD_LIB=1 -DSTDC_HEADERS=1 -DHAVE_SYS_TYPES_H=1 -DHAVE_SYS_STAT_H=1 
-DHA
    VE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_MEMORY_H=1 -DHAVE_STRINGS_H=1 -DH
AVE_
    INTTYPES_H=1 -DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1 -DHAVE_REGCOMP=1 -DHAVE
_RE_
    COMP=1 -DHAVE_RE_EXEC=1 -DHAVE_REGEXEC=1 -DPOSIX_SIGTYPE=1 -Dkrb5_sigtyp
e=vo
    id -DPOSIX_SIGNALS=1 -DHAVE_SA_LEN=1 -DGETPEERNAME_ARG2_TYPE=GETSOCKNAME
_ARG
    2_TYPE -DGETPEERNAME_ARG3_TYPE=GETSOCKNAME_ARG3_TYPE -DGETSOCKNAME_ARG2_
TYPE
    =struct\
    sockaddr -DGETSOCKNAME_ARG3_TYPE=size_t   -I../../../include -I./../../.
./in
    clude  -I../../../include/krb5 -I./../../../include/krb5    -g -O2 -Wall
 -Wm
    issing-prototypes -Wcast-qual  -Wcast-align -Wconversion -Wshadow -pedan
tic
    -D_THREAD_SAFE   -c t_an_to_ln.c
    t_an_to_ln.c: In function `main':
    t_an_to_ln.c:8: warning: `kret' might be used uninitialized in this
function
            gcc -L../../../lib -Wl,-blibpath:/usr/local/lib::/usr/lib:/lib -
g -O
    2 -Wall -Wmissing-prototypes -Wcast-qual  -Wcast-align -Wconversion -Wsh
adow
     -pedantic -D_THREAD_SAFE   -o t_an_to_ln t_an_to_ln.o
    an_to_ln.o  -lkrb5 -lk5crypto -lcom_err -lkrb5support  -lpthreads
            gcc -DPACKAGE_NAME=\"\" -DPACKAGE_TARNAME=\"\" -DPACKAGE_VERSION
=\"\
    " -DPACKAGE_STRING=\"\" -DPACKAGE_BUGREPORT=\"\" -DHAVE_BT_RSEQ=1 -DKRB5
_PRI
    VATE=1 -DKRB5_DEPRECATED=1 -DKRB5_DNS_LOOKUP_KDC=1 -DKRB5_DNS_LOOKUP=1 -
DHAV
    E_RES_SEARCH=1 -DHAVE_NS_INITPARSE=1 -DHAVE_NS_NAME_UNCOMPRESS=1 -DHAVE_
DN_S
    KIPNAME=1 -DDELAY_INITIALIZER=1 -DCONSTRUCTOR_ATTR_WORKS=1 -DDESTRUCTOR_
ATTR
    _WORKS=1 -DUSE_LINKER_FINI_OPTION=1 -DENABLE_THREADS=1 -DHAVE_PTHREAD=1 
-DHA
    VE_PTHREAD_ONCE=1 -DHAVE_PTHREAD_RWLOCK_INIT=1 -DHAVE_PTHREAD_RWLOCK_INI
T_IN
    _THREAD_LIB=1 -DSTDC_HEADERS=1 -DHAVE_SYS_TYPES_H=1 -DHAVE_SYS_STAT_H=1 
-DHA
    VE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_MEMORY_H=1 -DHAVE_STRINGS_H=1 -DH
AVE_
    INTTYPES_H=1 -DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1 -DHAVE_REGCOMP=1 -DHAVE
_RE_
    COMP=1 -DHAVE_RE_EXEC=1 -DHAVE_REGEXEC=1 -DPOSIX_SIGTYPE=1 -Dkrb5_sigtyp
e=vo
    id -DPOSIX_SIGNALS=1 -DHAVE_SA_LEN=1 -DGETPEERNAME_ARG2_TYPE=GETSOCKNAME
_ARG
    2_TYPE -DGETPEERNAME_ARG3_TYPE=GETSOCKNAME_ARG3_TYPE -DGETSOCKNAME_ARG2_
TYPE
    =struct\
    sockaddr -DGETSOCKNAME_ARG3_TYPE=size_t   -I../../../include -I./../../.
./in
    clude  -I../../../include/krb5 -I./../../../include/krb5    -g -O2 -Wall
 -Wm
    issing-prototypes -Wcast-qual  -Wcast-align -Wconversion -Wshadow -pedan
tic
    -D_THREAD_SAFE   -c t_locate_kdc.c
    t_locate_kdc.c:21: warning: no previous prototype for `kfatal'
    t_locate_kdc.c:27: warning: no previous prototype for `stypename'
    t_locate_kdc.c:43: warning: no previous prototype for `print_addrs'
            gcc -L../../../lib -Wl,-blibpath:/usr/local/lib::/usr/lib:/lib -
g -O
    2 -Wall -Wmissing-prototypes -Wcast-qual  -Wcast-align -Wconversion -Wsh
adow
     -pedantic -D_THREAD_SAFE   -DPACKAGE_NAME=\"\" -DPACKAGE_TARNAME=\"\" -
DPAC
    KAGE_VERSION=\"\" -DPACKAGE_STRING=\"\" -DPACKAGE_BUGREPORT=\"\" -DHAVE_
BT_R
    SEQ=1 -DKRB5_PRIVATE=1 -DKRB5_DEPRECATED=1 -DKRB5_DNS_LOOKUP_KDC=1 -DKRB
5_DN
    S_LOOKUP=1 -DHAVE_RES_SEARCH=1 -DHAVE_NS_INITPARSE=1 -DHAVE_NS_NAME_UNCO
MPRE
    SS=1 -DHAVE_DN_SKIPNAME=1 -DDELAY_INITIALIZER=1 -DCONSTRUCTOR_ATTR_WORKS
=1 -
    DDESTRUCTOR_ATTR_WORKS=1 -DUSE_LINKER_FINI_OPTION=1 -DENABLE_THREADS=1 -
DHAV
    E_PTHREAD=1 -DHAVE_PTHREAD_ONCE=1 -DHAVE_PTHREAD_RWLOCK_INIT=1 -DHAVE_PT
HREA
    D_RWLOCK_INIT_IN_THREAD_LIB=1 -DSTDC_HEADERS=1 -DHAVE_SYS_TYPES_H=1 -DHA
VE_S
    YS_STAT_H=1 -DHAVE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_MEMORY_H=1 -DHAVE
_STR
    INGS_H=1 -DHAVE_INTTYPES_H=1 -DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1 -DHAVE_
REGC
    OMP=1 -DHAVE_RE_COMP=1 -DHAVE_RE_EXEC=1 -DHAVE_REGEXEC=1 -DPOSIX_SIGTYPE
=1 -
    Dkrb5_sigtype=void -DPOSIX_SIGNALS=1 -DHAVE_SA_LEN=1 -DGETPEERNAME_ARG2_
TYPE
    =GETSOCKNAME_ARG2_TYPE -DGETPEERNAME_ARG3_TYPE=GETSOCKNAME_ARG3_TYPE -DG
ETSO
    CKNAME_ARG2_TYPE=struct\
    ckaddr -DGETSOCKNAME_ARG3_TYPE=size_t   -I../../../include -I./../../../
incl
    ude  -I../../../include/krb5 -I./../../../include/krb5    -g -O2 -Wall -
Wmis
    sing-prototypes -Wcast-qual  -Wcast-align -Wconversion -Wshadow -pedanti
c -D
    _THREAD_SAFE   -o t_locate_kdc
    t_locate_kdc.o  -lkrb5 -lk5crypto -lcom_err -lkrb5support  -lpthreads
            KRB5_CONFIG=./td_krb5.conf ; export KRB5_CONFIG ;
    LIBPATH=`echo -L../../../lib | sed -e "s/-L//g" -e "s/
    /:/g"`:/usr/local/lib:/usr/lib:/usr/local/lib; export LIBPATH;
    ./t_std_conf  -d -s NEW.DEFAULT.REALM -d  -k IGGY.ORG -k
    EFAULT_REALM.TST  -D DEFAULT_REALM.TST -r bad.idea -r itar.bad.idea  -r
    really.BAD.IDEA. -r clipper.bad.idea -r KeYEsCrOW.BaD.IDea  -r
    pgp.good.idea -r no_domain > test.out
            cmp test.out ./ref_std_conf.out
            rm -f test.out
            KRB5_CONFIG=./td_krb5.conf ; export KRB5_CONFIG ;
    LIBPATH=`echo -L../../../lib | sed -e "s/-L//g" -e "s/
    /:/g"`:/usr/local/lib:/usr/lib:/usr/local/lib; export LIBPATH;
    ./t_locate_kdc ATHENA.MIT.EDU
    looking in krb5.conf for realm ATHENA.MIT.EDU entry kdc; ports 88,750
    config file lookup failed: Profile relation not found
    walking answer list:
            port=88 host=KERBEROS.MIT.EDU.
    adding hostname KERBEROS.MIT.EDU., ports 88,0, family 0, socktype 2
            getaddrinfo("KERBEROS.MIT.EDU.", "88", ...)
            returns 8: Hostname and service name not provided or found
            port=88 host=KERBEROS-1.MIT.EDU.
    adding hostname KERBEROS-1.MIT.EDU., ports 88,0, family 0, socktype 2
            getaddrinfo("KERBEROS-1.MIT.EDU.", "88", ...)
            returns 8: Hostname and service name not provided or found
            port=88 host=KERBEROS-2.MIT.EDU.
    adding hostname KERBEROS-2.MIT.EDU., ports 88,0, family 0, socktype 2
            getaddrinfo("KERBEROS-2.MIT.EDU.", "88", ...)
            returns 8: Hostname and service name not provided or found
    [end]
    krb5int_locate_server found 0 addresses
    t_locate_kdc: Cannot resolve network address for KDC in requested
realm -
    exiting
    make: 1254-004 The error code from the last command is 1.


    Stop.
    make: 1254-004 The error code from the last command is 1.


    Stop.
    make: 1254-004 The error code from the last command is 1.


    Stop.
    make: 1254-004 The error code from the last command is 1.

    ____________________________________________
    Claus Lund
    Systems Developer

    Department of Taxes
    Information Systems
    109 State Street
    Montpelier, Vermont 05609
    (802) 828-3735

    ________________________________________________
    Kerberos mailing list           Kerberos at mit.edu
    https://mailman.mit.edu/mailman/listinfo/kerberos


More information about the Kerberos mailing list