Lion problems

Simon Wilkinson simon at sxw.org.uk
Sun Mar 11 14:50:05 EDT 2012


On 11 Mar 2012, at 17:42, Jaap Winius wrote:

> Today I attempted to get a Kerberos client running on Mac OS X. This  
> is 10.7 (Lion) system on which I had just installed a package from the  
> mit.edu site called Mac_OS_X_10.4_10.6_Kerberos_Extras.dmg.

Lion uses a Heimdal based Kerberos, rather than a MIT one. Whilst it does provide a shim layer to support the MIT API, the shim is far from complete. Many of the functions are just stubbed out, and return error codes.

> However, it refuses to work. When I try to contact the Kerberos admin  
> server the following error appears:
> 
>   kadmin: kadm5_init_with_password: init_sec_context failed with  
> 851968/-1765328189

Heimdal uses a different kadmin protocol than MIT - I suspect that this is probably where things are going wrong, although that error is "No credentials cache found". From memory, a Heimdal KDC can accept the MIT kadmin protocol, but a MIT KDC won't accept the Heimdal one.

Cheers,

Simon.




More information about the Kerberos mailing list