[krbdev.mit.edu #2913] client kadm5_init incompatible with pre-1.4
Public Submitter via RT
rt-comment at krbdev.mit.edu
Mon Mar 21 12:06:16 EST 2005
[guest - Wed Mar 16 23:13:44 2005]:
> [guest - Wed Mar 16 14:15:31 2005]:
>
> >
> > As I was saying (sorry about the previous "submit")...
> >
> > It seems like this fix breaks kadmin auth. with keytab. For example:
> >
> > # kadmin -p host/binky.foonon.com -k -t /etc/krb5.keytab
> > Authenticating as principal host/binky.foonon.com with
> > keytab /etc/krb5.keytab.
> > kadmin: Cannot find KDC for requested realm while initializing
kadmin
> > interface
> >
> > jd
>
> Also, this seems to not happen when the kadmin server is running on a
> pre-1.4 KDC
>
> jd
Fixed. Here the patch:
Index: 1.4.0.3/lib/kadm5/clnt/client_init.c
--- 1.4.0.3/lib/kadm5/clnt/client_init.c Thu, 10 Mar 2005 09:57:33 -
0500 jd (MIT
-krb5-src/g/e/2_client_ini 1.2 644)
+++ 1.4.0.3(w)/lib/kadm5/clnt/client_init.c Mon, 21 Mar 2005 11:41:17 -
0500 jd (
MIT-krb5-src/g/e/2_client_ini 1.2 644)
@@ -435,6 +435,7 @@
client, pass, svcname, realm,
full_svcname, full_svcname_len);
if ((code == KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN
+ || code == KRB5_REALM_UNKNOWN
|| code == KRB5_CC_NOTFOUND) && svcname_in == NULL) {
/* Retry with old host-independent service princpal. */
code = kadm5_gic_iter(handle, init_type, ccache,
jd
More information about the krb5-bugs
mailing list