compile KDC with KKDCP support
Jim Shi
hjshi at yahoo.com
Tue Aug 28 11:35:20 EDT 2018
Hi, Greg,
I undestood kkdcp supprt is in client lib.
But in my test (kinit), it seems the client is not making https request to the proxy server.
Do you have any idea?
Thanks.
Jim
On Monday, August 27, 2018, 11:08:31 PM PDT, Greg Hudson <ghudson at mit.edu> wrote:
On 08/27/2018 07:47 PM, Jim Shi wrote:
> I have another questions.
> to compile KDC with kkdcp support, do I need pass in any special flag(s)?
> Or kkdcp is supported by default in recent code?
We have KKDCP support in the client library, but not natively in the
KDC. You can run a proxy KKDCP server using
https://github.com/latchset/kdcproxy (available as kdcproxy in the
Python package index).
> The reason I ask this question, is that when I run a test: (I do have kdc = https://.... configured for the realm). It does not seem to make https connection to the server. Here is the trace log:
>
> host:~/test/bin] kdct$ env KRB5_TRACE=/dev/stdout ./kinit xxx@***
>
> init module "encrypted_timestamp", pa_type 2, flag 1
[...]
These messages look like output from compiling with -DDEBUG, not trace
logs. That syntax looks correct for setting KRB5_TRACE, so I'm not sure
why you're not seeing trace logs.
More information about the Kerberos
mailing list