On 11 Mar 2012, at 11:50, Simon Wilkinson wrote:
>
> On 11 Mar 2012, at 17:42, Jaap Winius wrote:
>
>> Today I attempted to get a Kerberos client running on Mac OS X. This
>> is a 10.7 (Lion) system on which I had just installed a package from the
>> mit.edu site called Mac_OS_X_10.4_10.6_Kerberos_Extras.dmg.
>
> Lion uses a Heimdal-based Kerberos, rather than an MIT one. Whilst it does
> provide a shim layer to support the MIT API, the shim is far from complete.
> Many of the functions are just stubbed out, and return error codes.
>
>> However, it refuses to work. When I try to contact the Kerberos admin
>> server the following error appears:
>>
>> kadmin: kadm5_init_with_password: init_sec_context failed with
>> 851968/-1765328189
>
> Heimdal uses a different kadmin protocol than MIT - I suspect that this is
> probably where things are going wrong, although that error is "No credentials
> cache found". From memory, a Heimdal KDC can accept the MIT kadmin protocol,
> but an MIT KDC won't accept the Heimdal one.

In this case, Heimdal kadmin doesn't implement the initial credential fetching.
So if you do

    kinit -S kadmin/admin adminuser@REALM

it will work just fine.

Lion also defaults to using the MIT version of the protocol, and supports it both
in the server and client.

Love
________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
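
Added example (not part of the original thread, and not MIT or Heimdal code): decoding the status pair from the kadmin error quoted above, on the assumption that the two numbers are the GSS-API major and minor status. The major is split into its RFC 2744 fields and the minor into a com_err table name plus offset; all function and variable names are illustrative.

```python
import re

# RFC 2744 routine errors: bits 16-23 of a GSS-API major status.
GSS_ROUTINE_ERRORS = {
    1: "GSS_S_BAD_MECH", 2: "GSS_S_BAD_NAME", 3: "GSS_S_BAD_NAMETYPE",
    4: "GSS_S_BAD_BINDINGS", 5: "GSS_S_BAD_STATUS", 6: "GSS_S_BAD_SIG",
    7: "GSS_S_NO_CRED", 8: "GSS_S_NO_CONTEXT", 9: "GSS_S_DEFECTIVE_TOKEN",
    10: "GSS_S_DEFECTIVE_CREDENTIAL", 11: "GSS_S_CREDENTIALS_EXPIRED",
    12: "GSS_S_CONTEXT_EXPIRED", 13: "GSS_S_FAILURE", 14: "GSS_S_BAD_QOP",
    15: "GSS_S_UNAUTHORIZED", 16: "GSS_S_UNAVAILABLE",
    17: "GSS_S_DUPLICATE_ELEMENT", 18: "GSS_S_NAME_NOT_MN",
}
# com_err packs a table name at 6 bits per character above an 8-bit offset.
COM_ERR_CHARS = ("ABCDEFGHIJKLMNOPQRSTUVWXYZ"
                 "abcdefghijklmnopqrstuvwxyz0123456789_")
# Only the code discussed in the thread; message text as quoted there.
KNOWN = {("krb5", 195): "KRB5_FCC_NOENT: No credentials cache found"}

def decode_gss_major(major):
    """Split a major status into calling error, routine error, supplementary bits."""
    major &= 0xFFFFFFFF
    routine = (major >> 16) & 0xFF
    return {"calling_error": (major >> 24) & 0xFF,
            "routine_error": GSS_ROUTINE_ERRORS.get(routine, routine),
            "supplementary": major & 0xFFFF}

def decode_com_err(code):
    """Recover (table name, offset) from a signed 32-bit com_err code."""
    u = code & 0xFFFFFFFF              # two's-complement view of the negative code
    table, name = u >> 8, ""
    for shift in (18, 12, 6, 0):       # up to four 6-bit characters
        ch = (table >> shift) & 0x3F
        if ch:
            name += COM_ERR_CHARS[ch - 1]
    return name, u & 0xFF

def parse_kadmin_status(line):
    """Find the trailing 'major/minor' pair in an error line and decode both."""
    m = re.search(r"(-?\d+)/(-?\d+)\s*$", line)
    if not m:
        raise ValueError("no major/minor status pair found")
    table, offset = decode_com_err(int(m.group(2)))
    return {"major": decode_gss_major(int(m.group(1))),
            "minor_table": table, "minor_offset": offset,
            "meaning": KNOWN.get((table, offset), "unknown")}

# The error from the thread, joined onto one line.
SAMPLE = ("kadmin: kadm5_init_with_password: init_sec_context failed with "
          "851968/-1765328189")
if __name__ == "__main__":
    print(parse_kadmin_status(SAMPLE))
```

The generic GSS_S_FAILURE major carries no detail of its own; the krb5 minor is what identifies the missing credentials cache, which is why fetching a kadmin/admin ticket with kinit first resolves it.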