joining netbsd 1.6.1 (heimdal-0.4e-nb2) to MIT kdc on linux (krb5-1.3.5) error

Henry B. Hotz hotz at jpl.nasa.gov
Fri Mar 11 02:53:47 EST 2005 

On Mar 4, 2005, at 9:01 AM, kerberos-request at mit.edu wrote:

> Date: 4 Mar 2005 04:17:04 -0800
> From: "KV2" <vvk at smartlogic.ru>
> To: kerberos at MIT.EDU
> Subject: joining netbsd 1.6.1 (heimdal-0.4e-nb2) to MIT kdc on linux
>  (krb5-1.3.5) error
> Message-ID: <1109938624.607189.31710 at z14g2000cwz.googlegroups.com>
> Precedence: list
> Message: 7
>
> Hello, I get following errors when trying set up kerberos on netbsd
> 1.6.1 system:
>  netb#  kadmin
>  kadmin> list princs
>  root/admin at SWAMP.RU's Password:
>  ---if wrong password given, it prints "get princs: Incorrect
> password"and give up,
>      if the password matches than kadmin sleep forever on  READ call,
> (from ktrace/kdump output)...

The authentication and password change protocols are standard.  The  
admin protocol isn't.  You can't use a Heimdal kadmin with an MIT  
kadmind.

>  Configuration of realm is simple: main kdc on linux with MIT
> krb5-1.3.5, there are some other linux system on net, successfuly
> using kerberos in auth to telnet, ftp services, /etc/krb5.conf on
> systems are exactly identical.
>
>  Is it version incompability or config error?  What should I do - I
> think install mit krb on this system surely help, but is there other
> ways, some people told me that heimdal totally compatible with MIT, is
> it right?

"on the wire" the basic authentication protocol is very compatible.   
Not sure how far back the password change compatibility works.   
Generally you should have no problems with a NetBSD/Heimdal client and  
an MIT server (as I think you are trying).

Note that the Heimdal in NetBSD 1.6.1 is fairly old.  Version  
0.5-something at best, while they are working on 0.7 now.

>   I'am almost totally new in using kerberos, any help appreciated.
>
>    Thanks in advance :-)
>   Vladimir.
>
------------------------------------------------------------------------ 
----
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz at jpl.nasa.gov, or hbhotz at oxy.edu

More information about the Kerberos mailing list