Lion problems

Love Hörnquist Åstrand lha at kth.se
Mon Mar 12 21:23:22 EDT 2012


On 11 Mar 2012, at 11:50, Simon Wilkinson wrote:

> 
> On 11 Mar 2012, at 17:42, Jaap Winius wrote:
> 
>> Today I attempted to get a Kerberos client running on Mac OS X. This
>> is a 10.7 (Lion) system on which I had just installed a package from the
>> mit.edu site called Mac_OS_X_10.4_10.6_Kerberos_Extras.dmg.
> 
> Lion uses a Heimdal-based Kerberos, rather than an MIT one. Whilst it does provide a shim layer to support the MIT API, the shim is far from complete. Many of the functions are just stubbed out, and return error codes.
> 
>> However, it refuses to work. When I try to contact the Kerberos admin  
>> server the following error appears:
>> 
>>  kadmin: kadm5_init_with_password: init_sec_context failed with  
>> 851968/-1765328189
> 
> Heimdal uses a different kadmin protocol than MIT - I suspect that this is probably where things are going wrong, although that error is "No credentials cache found". From memory, a Heimdal KDC can accept the MIT kadmin protocol, but an MIT KDC won't accept the Heimdal one.

In this case, Heimdal kadmin doesn't implement the initial credential fetching. So if you do

	kinit -S kadmin/admin adminuser@REALM

it will work just fine.

Lion also defaults to using the MIT version of the protocol, and supports it both in the server and client.

Love
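
Decoding the status pair from the kadmin error quoted above, as an added example that is not part of the original thread: the first number is a GSS-API major status (bit layout from RFC 2744) and the second is a krb5 com_err minor code. The function names are hypothetical and the krb5 name table is deliberately partial; the offset-195 entry is the "No credentials cache found" code mentioned in the thread.

```python
import re

# GSS-API major status layout (RFC 2744): calling error in bits 24-31,
# routine error in bits 16-23, supplementary info flags in bits 0-15.
GSS_CALLING = {1: "GSS_S_CALL_INACCESSIBLE_READ",
               2: "GSS_S_CALL_INACCESSIBLE_WRITE",
               3: "GSS_S_CALL_BAD_STRUCTURE"}
GSS_ROUTINE = {
    1: "GSS_S_BAD_MECH", 2: "GSS_S_BAD_NAME", 3: "GSS_S_BAD_NAMETYPE",
    4: "GSS_S_BAD_BINDINGS", 5: "GSS_S_BAD_STATUS", 6: "GSS_S_BAD_MIC",
    7: "GSS_S_NO_CRED", 8: "GSS_S_NO_CONTEXT", 9: "GSS_S_DEFECTIVE_TOKEN",
    10: "GSS_S_DEFECTIVE_CREDENTIAL", 11: "GSS_S_CREDENTIALS_EXPIRED",
    12: "GSS_S_CONTEXT_EXPIRED", 13: "GSS_S_FAILURE", 14: "GSS_S_BAD_QOP",
    15: "GSS_S_UNAUTHORIZED", 16: "GSS_S_UNAVAILABLE",
    17: "GSS_S_DUPLICATE_ELEMENT", 18: "GSS_S_NAME_NOT_MN",
}
GSS_SUPP = {0: "GSS_S_CONTINUE_NEEDED", 1: "GSS_S_DUPLICATE_TOKEN",
            2: "GSS_S_OLD_TOKEN", 3: "GSS_S_UNSEQ_TOKEN", 4: "GSS_S_GAP_TOKEN"}

# krb5 com_err table: minor code = base + offset. Partial name table only.
KRB5_BASE = -1765328384
KRB5_NAMES = {6: "KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN",
              37: "KRB5KRB_AP_ERR_SKEW",
              195: "KRB5_FCC_NOFILE"}  # "No credentials cache found"

STATUS_RE = re.compile(r"failed with\s+(\d+)/(-?\d+)")

# Error text as quoted in the thread, including its line wrap.
SAMPLE = ("kadmin: kadm5_init_with_password: init_sec_context failed with\n"
          "851968/-1765328189")

def decode_major(major):
    supp = major & 0xFFFF
    return {"calling": GSS_CALLING.get((major >> 24) & 0xFF),
            "routine": GSS_ROUTINE.get((major >> 16) & 0xFF),
            "supplementary": [n for bit, n in GSS_SUPP.items() if supp >> bit & 1]}

def decode_minor(minor):
    offset = minor - KRB5_BASE
    if not 0 <= offset < 256:
        return None  # outside the krb5 error table
    return KRB5_NAMES.get(offset, f"krb5 table offset {offset}")

def decode_line(text):
    m = STATUS_RE.search(text)
    if m is None:
        return None
    return {"major": decode_major(int(m.group(1))),
            "minor": decode_minor(int(m.group(2)))}

if __name__ == "__main__":
    print(decode_line(SAMPLE))
```

The major status decodes to the generic GSS_S_FAILURE, so the minor code is the one that identifies the actual cause.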



