compile KDC with KKDCP support

Jim Shi hjshi at yahoo.com
Tue Aug 28 11:35:20 EDT 2018


 Hi, Greg,
I undestood kkdcp supprt is in client lib. 
But in my test (kinit), it seems the client is not making https request to the proxy server.
Do you have any idea?
Thanks.
Jim
    On Monday, August 27, 2018, 11:08:31 PM PDT, Greg Hudson <ghudson at mit.edu> wrote:  
 
 On 08/27/2018 07:47 PM, Jim Shi wrote:
> I have another questions.
> to compile KDC with kkdcp support, do I need pass in any special flag(s)?
> Or kkdcp is supported by default in recent code?

We have KKDCP support in the client library, but not natively in the 
KDC.  You can run a proxy KKDCP server using 
https://github.com/latchset/kdcproxy (available as kdcproxy in the 
Python package index).

> The reason I ask this question, is that when I run a test: (I do have kdc = https://.... configured for the realm). It does not seem to make https connection to the  server. Here is the trace log:
> 
> host:~/test/bin] kdct$ env KRB5_TRACE=/dev/stdout ./kinit xxx@***
> 
> init module "encrypted_timestamp", pa_type 2, flag 1
[...]

These messages look like output from compiling with -DDEBUG, not trace 
logs.  That syntax looks correct for setting KRB5_TRACE, so I'm not sure 
why you're not seeing trace logs.
  


More information about the Kerberos mailing list