[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

krb5-1.7 does not work properly



Hello,
I cannot find a similar report, so maybe I am doing something wrong, so
I kindly ask if someone could give me a hint. I am not subscribed to
the list, so please at least CC me in reply.

Since the update to krb5-1.7 in sid I cannot authenticate to services
anymore.
KDCs I tried are the ones from krb5 1.6 & 1.7 and Win2k3 AD.
To get a reproducible setup I installed a small krb5 1.7 kdc
environment. To check if I can get a TGT I did the following as root on
the kdc:

# kinit root/admin
Password for root/admin@HOME.LAN:

# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: root/admin@HOME.LAN

Valid starting     Expires            Service principal
05/21/09 11:24:04  05/21/09 21:24:04  krbtgt/HOME.LAN@HOME.LAN
	renew until 05/22/09 11:24:01

So this works as expected, I think.

Now I do this:

# kadmin
Authenticating as principal root/admin@HOME.LAN with password.
Password for root/admin@HOME.LAN: 
kadmin: GSS-API (or Kerberos) error while initializing kadmin interface


There are other examples like ssh auth using gss-api and nfs4, all
stopped working when I upgraded the client's krb5-packages to 1.7-xxx.

Latest krb5 version I tried is 1.7dfsg~beta2-4.
Downgrading the client to 1.6.dfsg.4~beta1-13 (from testing) fixes the
problems.
System is Debian/Sid amd64 from May 21, 2009.


-- 
---------------------------------------
Malte Schröder
MalteSch@gmx.de
ICQ# 68121508
---------------------------------------

Attachment: signature.asc
Description: PGP signature


Reply to: