[38316] in Kerberos

home help back first fref pref prev next nref lref last post

Re: compile KDC with KKDCP support

daemon@ATHENA.MIT.EDU (Jim Shi)
Tue Aug 28 11:35:41 2018

Date: Tue, 28 Aug 2018 15:35:20 +0000 (UTC)
From: Jim Shi <hjshi@yahoo.com>
To: "kerberos@mit.edu" <kerberos@mit.edu>, Greg Hudson <ghudson@mit.edu>
Message-ID: <1757793588.5046531.1535470520147@mail.yahoo.com>
In-Reply-To: <c7349ec5-142e-9b1b-edc0-a10bb3aac8df@mit.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit

 Hi, Greg,
I undestood kkdcp supprt is in client lib. 
But in my test (kinit), it seems the client is not making https request to the proxy server.
Do you have any idea?
    On Monday, August 27, 2018, 11:08:31 PM PDT, Greg Hudson <ghudson@mit.edu> wrote:  
 On 08/27/2018 07:47 PM, Jim Shi wrote:
> I have another questions.
> to compile KDC with kkdcp support, do I need pass in any special flag(s)?
> Or kkdcp is supported by default in recent code?

We have KKDCP support in the client library, but not natively in the 
KDC.  You can run a proxy KKDCP server using 
https://github.com/latchset/kdcproxy (available as kdcproxy in the 
Python package index).

> The reason I ask this question, is that when I run a test: (I do have kdc = https://.... configured for the realm). It does not seem to make https connection to the  server. Here is the trace log:
> host:~/test/bin] kdct$ env KRB5_TRACE=/dev/stdout ./kinit xxx@***
> init module "encrypted_timestamp", pa_type 2, flag 1

These messages look like output from compiling with -DDEBUG, not trace 
logs.  That syntax looks correct for setting KRB5_TRACE, so I'm not sure 
why you're not seeing trace logs.
Kerberos mailing list           Kerberos@mit.edu

home help back first fref pref prev next nref lref last post