Compatibilty between mixed kerberos release (KDC 1.12 client 1.10).

Todd Grayson tgrayson at cloudera.com
Wed Jul 29 22:15:09 EDT 2015


Actually the krbtgt got generated without a renewable life value (was at
0), missed this during the troubleshooting, so nothing other than the need
to express renew lifetime properly in the configuration.  Thanks tho for
the feedback.

On Wed, Jul 29, 2015 at 8:06 PM, Ken Hornstein <kenh at cmf.nrl.navy.mil>
wrote:

> >Is there any general wisdom out there about mixed KDC/Client versions?
> Are
> >there concerns around allowing environments drift to where a KDC would be
> >on a later release than the clients?
>
> FWIW, we run a whole bunch of crazy versions of Kerberos, and generally
> there is not an interoperability problem; the protocol is pretty well
> specified and in general everything works fine at that level.
>
> >There seems to be a change in default behavior in the 1.12+ where
> renewable
> >tickets must be specifically requested (RHEL 7 is including the 1.12 as
> the
> >tested krb release in platform).
>
> This is more of a problem, but I don't consider this an interoperability
> issue.
>
> --Ken
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>



-- 
Todd Grayson
Customer Operations Engineering


More information about the Kerberos mailing list