Network address resolution problem on AIX
Claus Lund
clund at tax.state.vt.us
Fri Aug 26 07:40:00 EDT 2005
Thank you to everybody who responded!
It seems there is a problem when using Kerberos 1.4.x and AIX 5.2. I tried
compiling 1.3.6 and everything worked right out of the box... I'll see if I
can find the time to play with the patches that Milton pointed me to ... or
else I'll just have to stay with the 1.3 series until AIX and/or the 1.4
series is fixed.
Thank you!
Claus
-----Original Message-----
From: Milton Turley [mailto:mturley at lanl.gov]
Sent: Thursday, August 25, 2005 9:48 AM
To: Claus Lund
Subject: Re: Network address resolution problem on AIX
There are several patches for AIX using kerberos. This particular patch
is at
http://www.mail-archive.com/kerberos@mit.edu/msg08307.html
There are 3 others needed to make kerberos work with AIX 5.2.
Milton
At 02:29 PM 8/24/2005, you wrote:
I have struggled with this for almost two days now and I just can't seem
to
get past this hurdle... Hopefully somebody out there will say: "Duh,
you're
doing XYZ wrong!".
I keep getting a "kinit(v5): Cannot resolve network address for KDC in
requested realm while getting initial credentials" error when I run
kinit.
System:
AIX5.2 ML6
gcc version 3.3.2
Building Kerberos:
root at tax178:/tmp/kerberos/krb5-1.4.2/src
# ./configure --without-krb4 --disable-athena --prefix=/usr/local
I get some warnings during compilation but it seems to finish. When I
run
make test it goes through a bunch of it and then finishes with an error
(at
the bottom of this mail) but I think I read somewhere that there were
some
extra requirements for the final tests and failing them does not
necessarily
mean that there is anything wrong.
I install it and create /etc/krb5.conf:
[libdefaults]
default_realm = TESTDOMAIN.TAX.STATE.VT.US
[realms]
TESTDOMAIN.TAX.STATE.VT.US = {
kdc = tax106.testdomain.tax.state.vt.us
}
[domain_realms]
.testdomain.tax.state.vt.us = TESTDOMAIN.TAX.STATE.VT.US
The KDC is a Windows 2000 AD server.
At this point I try to run kinit and get the following error:
# kinit clund at TESTDOMAIN.TAX.STATE.VT.US
kinit(v5): Cannot resolve network address for KDC in requested realm
while
getting initial credentials
But as far as I can tell everything is alright on the DNS side. Running
the
resolve program seems to agree:
root at tax178:/tmp/kerberos/krb5-1.4.2/src
# ./tests/resolve/resolve tax106
Hostname: tax106
Host address: 10.0.89.130
FQDN: tax106.testdomain.tax.state.vt.us
Resolve library appears to have passed the test
root at tax178:/tmp/kerberos/krb5-1.4.2/src
# ./tests/resolve/resolve tax106.testdomain.tax.state.vt.us
Hostname: tax106.testdomain.tax.state.vt.us
Host address: 10.0.89.130
FQDN: tax106.testdomain.tax.state.vt.us
Resolve library appears to have passed the test
Thanks in advance,
Claus
Part of the "make test" output:
Running test (ATHENA.MIT.EDU) (/COM/HP/APOLLO) (,EDU,/COM,), expecting
error
...
Expected error found.
Running test (ATHENA.MIT.EDU) (/COM/HP/APOLLO) (,EDU, /COM,) ...
Got: /COM /COM/HP EDU MIT.EDU
Exp: /COM /COM/HP EDU MIT.EDU
Running test (ATHENA.MIT.EDU) (CS.CMU.EDU) (,EDU,) ...
Got: CMU.EDU EDU MIT.EDU
Exp: CMU.EDU EDU MIT.EDU
Running test (XYZZY.ATHENA.MIT.EDU) (XYZZY.CS.CMU.EDU) (,EDU,) ...
Got: ATHENA.MIT.EDU CMU.EDU CS.CMU.EDU EDU MIT.EDU
Exp: ATHENA.MIT.EDU CMU.EDU CS.CMU.EDU EDU MIT.EDU
Success.
Target "check" is up to date.
making check in lib/krb5/os...
gcc -DPACKAGE_NAME=\"\" -DPACKAGE_TARNAME=\"\" -DPACKAGE_VERSION
=\"\
" -DPACKAGE_STRING=\"\" -DPACKAGE_BUGREPORT=\"\" -DHAVE_BT_RSEQ=1 -DKRB5
_PRI
VATE=1 -DKRB5_DEPRECATED=1 -DKRB5_DNS_LOOKUP_KDC=1 -DKRB5_DNS_LOOKUP=1 -
DHAV
E_RES_SEARCH=1 -DHAVE_NS_INITPARSE=1 -DHAVE_NS_NAME_UNCOMPRESS=1 -DHAVE_
DN_S
KIPNAME=1 -DDELAY_INITIALIZER=1 -DCONSTRUCTOR_ATTR_WORKS=1 -DDESTRUCTOR_
ATTR
_WORKS=1 -DUSE_LINKER_FINI_OPTION=1 -DENABLE_THREADS=1 -DHAVE_PTHREAD=1
-DHA
VE_PTHREAD_ONCE=1 -DHAVE_PTHREAD_RWLOCK_INIT=1 -DHAVE_PTHREAD_RWLOCK_INI
T_IN
_THREAD_LIB=1 -DSTDC_HEADERS=1 -DHAVE_SYS_TYPES_H=1 -DHAVE_SYS_STAT_H=1
-DHA
VE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_MEMORY_H=1 -DHAVE_STRINGS_H=1 -DH
AVE_
INTTYPES_H=1 -DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1 -DHAVE_REGCOMP=1 -DHAVE
_RE_
COMP=1 -DHAVE_RE_EXEC=1 -DHAVE_REGEXEC=1 -DPOSIX_SIGTYPE=1 -Dkrb5_sigtyp
e=vo
id -DPOSIX_SIGNALS=1 -DHAVE_SA_LEN=1 -DGETPEERNAME_ARG2_TYPE=GETSOCKNAME
_ARG
2_TYPE -DGETPEERNAME_ARG3_TYPE=GETSOCKNAME_ARG3_TYPE -DGETSOCKNAME_ARG2_
TYPE
=struct\
sockaddr -DGETSOCKNAME_ARG3_TYPE=size_t -I../../../include -I./../../.
./in
clude -I../../../include/krb5 -I./../../../include/krb5 -g -O2 -Wall
-Wm
issing-prototypes -Wcast-qual -Wcast-align -Wconversion -Wshadow -pedan
tic
-D_THREAD_SAFE -c t_std_conf.c
gcc -L../../../lib -Wl,-blibpath:/usr/local/lib::/usr/lib:/lib -
g -O
2 -Wall -Wmissing-prototypes -Wcast-qual -Wcast-align -Wconversion -Wsh
adow
-pedantic -D_THREAD_SAFE -o t_std_conf t_std_conf.o def_realm.o
get_krbhst.o realm_dom.o hst_realm.o init_os_ctx.o locate_kdc.o
nsglue.o -lkrb5 -lk5crypto -lcom_err -lkrb5support -lpthreads
gcc -DPACKAGE_NAME=\"\" -DPACKAGE_TARNAME=\"\" -DPACKAGE_VERSION
=\"\
" -DPACKAGE_STRING=\"\" -DPACKAGE_BUGREPORT=\"\" -DHAVE_BT_RSEQ=1 -DKRB5
_PRI
VATE=1 -DKRB5_DEPRECATED=1 -DKRB5_DNS_LOOKUP_KDC=1 -DKRB5_DNS_LOOKUP=1 -
DHAV
E_RES_SEARCH=1 -DHAVE_NS_INITPARSE=1 -DHAVE_NS_NAME_UNCOMPRESS=1 -DHAVE_
DN_S
KIPNAME=1 -DDELAY_INITIALIZER=1 -DCONSTRUCTOR_ATTR_WORKS=1 -DDESTRUCTOR_
ATTR
_WORKS=1 -DUSE_LINKER_FINI_OPTION=1 -DENABLE_THREADS=1 -DHAVE_PTHREAD=1
-DHA
VE_PTHREAD_ONCE=1 -DHAVE_PTHREAD_RWLOCK_INIT=1 -DHAVE_PTHREAD_RWLOCK_INI
T_IN
_THREAD_LIB=1 -DSTDC_HEADERS=1 -DHAVE_SYS_TYPES_H=1 -DHAVE_SYS_STAT_H=1
-DHA
VE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_MEMORY_H=1 -DHAVE_STRINGS_H=1 -DH
AVE_
INTTYPES_H=1 -DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1 -DHAVE_REGCOMP=1 -DHAVE
_RE_
COMP=1 -DHAVE_RE_EXEC=1 -DHAVE_REGEXEC=1 -DPOSIX_SIGTYPE=1 -Dkrb5_sigtyp
e=vo
id -DPOSIX_SIGNALS=1 -DHAVE_SA_LEN=1 -DGETPEERNAME_ARG2_TYPE=GETSOCKNAME
_ARG
2_TYPE -DGETPEERNAME_ARG3_TYPE=GETSOCKNAME_ARG3_TYPE -DGETSOCKNAME_ARG2_
TYPE
=struct\
sockaddr -DGETSOCKNAME_ARG3_TYPE=size_t -I../../../include -I./../../.
./in
clude -I../../../include/krb5 -I./../../../include/krb5 -g -O2 -Wall
-Wm
issing-prototypes -Wcast-qual -Wcast-align -Wconversion -Wshadow -pedan
tic
-D_THREAD_SAFE -c t_an_to_ln.c
t_an_to_ln.c: In function `main':
t_an_to_ln.c:8: warning: `kret' might be used uninitialized in this
function
gcc -L../../../lib -Wl,-blibpath:/usr/local/lib::/usr/lib:/lib -
g -O
2 -Wall -Wmissing-prototypes -Wcast-qual -Wcast-align -Wconversion -Wsh
adow
-pedantic -D_THREAD_SAFE -o t_an_to_ln t_an_to_ln.o
an_to_ln.o -lkrb5 -lk5crypto -lcom_err -lkrb5support -lpthreads
gcc -DPACKAGE_NAME=\"\" -DPACKAGE_TARNAME=\"\" -DPACKAGE_VERSION
=\"\
" -DPACKAGE_STRING=\"\" -DPACKAGE_BUGREPORT=\"\" -DHAVE_BT_RSEQ=1 -DKRB5
_PRI
VATE=1 -DKRB5_DEPRECATED=1 -DKRB5_DNS_LOOKUP_KDC=1 -DKRB5_DNS_LOOKUP=1 -
DHAV
E_RES_SEARCH=1 -DHAVE_NS_INITPARSE=1 -DHAVE_NS_NAME_UNCOMPRESS=1 -DHAVE_
DN_S
KIPNAME=1 -DDELAY_INITIALIZER=1 -DCONSTRUCTOR_ATTR_WORKS=1 -DDESTRUCTOR_
ATTR
_WORKS=1 -DUSE_LINKER_FINI_OPTION=1 -DENABLE_THREADS=1 -DHAVE_PTHREAD=1
-DHA
VE_PTHREAD_ONCE=1 -DHAVE_PTHREAD_RWLOCK_INIT=1 -DHAVE_PTHREAD_RWLOCK_INI
T_IN
_THREAD_LIB=1 -DSTDC_HEADERS=1 -DHAVE_SYS_TYPES_H=1 -DHAVE_SYS_STAT_H=1
-DHA
VE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_MEMORY_H=1 -DHAVE_STRINGS_H=1 -DH
AVE_
INTTYPES_H=1 -DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1 -DHAVE_REGCOMP=1 -DHAVE
_RE_
COMP=1 -DHAVE_RE_EXEC=1 -DHAVE_REGEXEC=1 -DPOSIX_SIGTYPE=1 -Dkrb5_sigtyp
e=vo
id -DPOSIX_SIGNALS=1 -DHAVE_SA_LEN=1 -DGETPEERNAME_ARG2_TYPE=GETSOCKNAME
_ARG
2_TYPE -DGETPEERNAME_ARG3_TYPE=GETSOCKNAME_ARG3_TYPE -DGETSOCKNAME_ARG2_
TYPE
=struct\
sockaddr -DGETSOCKNAME_ARG3_TYPE=size_t -I../../../include -I./../../.
./in
clude -I../../../include/krb5 -I./../../../include/krb5 -g -O2 -Wall
-Wm
issing-prototypes -Wcast-qual -Wcast-align -Wconversion -Wshadow -pedan
tic
-D_THREAD_SAFE -c t_locate_kdc.c
t_locate_kdc.c:21: warning: no previous prototype for `kfatal'
t_locate_kdc.c:27: warning: no previous prototype for `stypename'
t_locate_kdc.c:43: warning: no previous prototype for `print_addrs'
gcc -L../../../lib -Wl,-blibpath:/usr/local/lib::/usr/lib:/lib -
g -O
2 -Wall -Wmissing-prototypes -Wcast-qual -Wcast-align -Wconversion -Wsh
adow
-pedantic -D_THREAD_SAFE -DPACKAGE_NAME=\"\" -DPACKAGE_TARNAME=\"\" -
DPAC
KAGE_VERSION=\"\" -DPACKAGE_STRING=\"\" -DPACKAGE_BUGREPORT=\"\" -DHAVE_
BT_R
SEQ=1 -DKRB5_PRIVATE=1 -DKRB5_DEPRECATED=1 -DKRB5_DNS_LOOKUP_KDC=1 -DKRB
5_DN
S_LOOKUP=1 -DHAVE_RES_SEARCH=1 -DHAVE_NS_INITPARSE=1 -DHAVE_NS_NAME_UNCO
MPRE
SS=1 -DHAVE_DN_SKIPNAME=1 -DDELAY_INITIALIZER=1 -DCONSTRUCTOR_ATTR_WORKS
=1 -
DDESTRUCTOR_ATTR_WORKS=1 -DUSE_LINKER_FINI_OPTION=1 -DENABLE_THREADS=1 -
DHAV
E_PTHREAD=1 -DHAVE_PTHREAD_ONCE=1 -DHAVE_PTHREAD_RWLOCK_INIT=1 -DHAVE_PT
HREA
D_RWLOCK_INIT_IN_THREAD_LIB=1 -DSTDC_HEADERS=1 -DHAVE_SYS_TYPES_H=1 -DHA
VE_S
YS_STAT_H=1 -DHAVE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_MEMORY_H=1 -DHAVE
_STR
INGS_H=1 -DHAVE_INTTYPES_H=1 -DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1 -DHAVE_
REGC
OMP=1 -DHAVE_RE_COMP=1 -DHAVE_RE_EXEC=1 -DHAVE_REGEXEC=1 -DPOSIX_SIGTYPE
=1 -
Dkrb5_sigtype=void -DPOSIX_SIGNALS=1 -DHAVE_SA_LEN=1 -DGETPEERNAME_ARG2_
TYPE
=GETSOCKNAME_ARG2_TYPE -DGETPEERNAME_ARG3_TYPE=GETSOCKNAME_ARG3_TYPE -DG
ETSO
CKNAME_ARG2_TYPE=struct\
ckaddr -DGETSOCKNAME_ARG3_TYPE=size_t -I../../../include -I./../../../
incl
ude -I../../../include/krb5 -I./../../../include/krb5 -g -O2 -Wall -
Wmis
sing-prototypes -Wcast-qual -Wcast-align -Wconversion -Wshadow -pedanti
c -D
_THREAD_SAFE -o t_locate_kdc
t_locate_kdc.o -lkrb5 -lk5crypto -lcom_err -lkrb5support -lpthreads
KRB5_CONFIG=./td_krb5.conf ; export KRB5_CONFIG ;
LIBPATH=`echo -L../../../lib | sed -e "s/-L//g" -e "s/
/:/g"`:/usr/local/lib:/usr/lib:/usr/local/lib; export LIBPATH;
./t_std_conf -d -s NEW.DEFAULT.REALM -d -k IGGY.ORG -k
EFAULT_REALM.TST -D DEFAULT_REALM.TST -r bad.idea -r itar.bad.idea -r
really.BAD.IDEA. -r clipper.bad.idea -r KeYEsCrOW.BaD.IDea -r
pgp.good.idea -r no_domain > test.out
cmp test.out ./ref_std_conf.out
rm -f test.out
KRB5_CONFIG=./td_krb5.conf ; export KRB5_CONFIG ;
LIBPATH=`echo -L../../../lib | sed -e "s/-L//g" -e "s/
/:/g"`:/usr/local/lib:/usr/lib:/usr/local/lib; export LIBPATH;
./t_locate_kdc ATHENA.MIT.EDU
looking in krb5.conf for realm ATHENA.MIT.EDU entry kdc; ports 88,750
config file lookup failed: Profile relation not found
walking answer list:
port=88 host=KERBEROS.MIT.EDU.
adding hostname KERBEROS.MIT.EDU., ports 88,0, family 0, socktype 2
getaddrinfo("KERBEROS.MIT.EDU.", "88", ...)
returns 8: Hostname and service name not provided or found
port=88 host=KERBEROS-1.MIT.EDU.
adding hostname KERBEROS-1.MIT.EDU., ports 88,0, family 0, socktype 2
getaddrinfo("KERBEROS-1.MIT.EDU.", "88", ...)
returns 8: Hostname and service name not provided or found
port=88 host=KERBEROS-2.MIT.EDU.
adding hostname KERBEROS-2.MIT.EDU., ports 88,0, family 0, socktype 2
getaddrinfo("KERBEROS-2.MIT.EDU.", "88", ...)
returns 8: Hostname and service name not provided or found
[end]
krb5int_locate_server found 0 addresses
t_locate_kdc: Cannot resolve network address for KDC in requested
realm -
exiting
make: 1254-004 The error code from the last command is 1.
Stop.
make: 1254-004 The error code from the last command is 1.
Stop.
make: 1254-004 The error code from the last command is 1.
Stop.
make: 1254-004 The error code from the last command is 1.
____________________________________________
Claus Lund
Systems Developer
Department of Taxes
Information Systems
109 State Street
Montpelier, Vermont 05609
(802) 828-3735
________________________________________________
Kerberos mailing list Kerberos at mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
More information about the Kerberos
mailing list