Lion problems
Simon Wilkinson
simon at sxw.org.uk
Sun Mar 11 14:50:05 EDT 2012
On 11 Mar 2012, at 17:42, Jaap Winius wrote:
> Today I attempted to get a Kerberos client running on Mac OS X. This
> is 10.7 (Lion) system on which I had just installed a package from the
> mit.edu site called Mac_OS_X_10.4_10.6_Kerberos_Extras.dmg.
Lion uses a Heimdal based Kerberos, rather than a MIT one. Whilst it does provide a shim layer to support the MIT API, the shim is far from complete. Many of the functions are just stubbed out, and return error codes.
> However, it refuses to work. When I try to contact the Kerberos admin
> server the following error appears:
>
> kadmin: kadm5_init_with_password: init_sec_context failed with
> 851968/-1765328189
Heimdal uses a different kadmin protocol than MIT - I suspect that this is probably where things are going wrong, although that error is "No credentials cache found". From memory, a Heimdal KDC can accept the MIT kadmin protocol, but a MIT KDC won't accept the Heimdal one.
Cheers,
Simon.
More information about the Kerberos
mailing list