mac heimmal / MIT server problem with 2FA

Charles Hedrick hedrick at rutgers.edu
Wed Sep 26 11:43:16 EDT 2018


Client: Mac Mojave
Server: IPA newest version

Command: /usr/bin/kinit --fast-armor-cache=FILE:/tmp/krb5cc_1003 hedrick
with KRB5_TRACE set, shows it is sending UDP packets to the server but getting no response.

tcpdump shows the packets, but there is no entry for the transaction in /var/log/krb5kdc.log

changing to tcp has no effect. tcpdump shows a connection is established, but krb5kdc.log doesn’t show it. The client says

failed to get nbytes from socket, no bytes there?: tcp 128.6.4.10:88 (krb2.cs.rutgers.edu) tid: 00000002

tcpdump shows the client opened a connection and sent 972 bytes. The server closed the connection.

An MIT Kerberos client installed through Macports works fine.






More information about the Kerberos mailing list