Problems with kadmind, kpasswd and cross-realm authentication

Markus Moeller huaraz at moeller.plus.com
Mon Sep 24 16:38:37 EDT 2007


What do you see when you capture the traffic with wireshark on port 88 and 
464 ?  Do you see the correct kadmin/changepw at REALM tickets ?

Markus

"Anthony Brock" <brocka at sterlingcgi.com> wrote in message 
news:mailman.110.1190648781.2905.kerberos at mit.edu...
>> -----Original Message-----
>> Any ideas?
>>
>> The man page states that kadmind should be able to change
>> passwords for any
>> realms that have an associated kadmin/changepw@<REALM> and
>> kadmin/admin@<REALM> principal. Is this still true? Or has
>> support for this
>> functionality been dropped? If not, what debugging can be performed to
>> identify the cause of the issue?
>>
>> Ideas?
>>
>> Tony
>
> Given that it's been 3 weeks and nobody has any suggestions for further
> troubleshooting or identifying the issue, should this be submitted as a 
> bug
> in kadmind? If so, how do I submit it? Is there a documented process for
> this?
>
> Also, are there any suggested workarounds? I've seen references from 2004 
> to
> people running a separate kadmind daemon for each realm using different 
> port
> numbers. Is this safe against a single db? If not, how do you migrate a
> realm out of the default db into a separate db files?
>
> Thanks!
>
> Tony
> 





More information about the Kerberos mailing list