MacOSX Tiger kadmin uses a non-standard service principal
Ben Poliakoff
benp at reed.edu
Thu May 5 17:55:49 EDT 2005
* Tom Yu <tlyu at MIT.EDU> [20050505 14:46]:
> The admin protocol changed in krb5-1.4 (which is what Tiger's krb5 is
> based on), for compatibility with Sun's kadmin protocol, which uses
> the standards-track RPCSEC_GSS authentication flavor, rather than the
> old non-standard authentication flavor used previously. Sun's kadmin
> protocol uses kadmin/FQDN rather than kadmin/admin for the service
> principal. Support for transparent fallback of the kadmin protocol
> was not implemented until krb5-1.4.1.
Thanks much for the quick explanation!
> One workaround is to invoke the kadmin client with the "-O" flag to
> force the use of the old protocol, or to upgrade to krb5-1.4.1. I
> don't know when Apple intends to pick up krb5-1.4.1.
Thanks again. The -O option will work for now. With upgrades all
around in the near future.
Ben
More information about the Kerberos
mailing list