in Kerberos
Re: compile KDC with KKDCP support
daemon@ATHENA.MIT.EDU (Jim Shi)
Tue Aug 28 11:35:41 2018
Date: Tue, 28 Aug 2018 15:35:20 +0000 (UTC)
From: Jim Shi <email@example.com>
To: "firstname.lastname@example.org" <email@example.com>, Greg Hudson <firstname.lastname@example.org>
Content-Type: text/plain; charset="utf-8"
I undestood kkdcp supprt is in client lib.
But in my test (kinit), it seems the client is not making https request to the proxy server.
Do you have any idea?
On Monday, August 27, 2018, 11:08:31 PM PDT, Greg Hudson <email@example.com> wrote:
On 08/27/2018 07:47 PM, Jim Shi wrote:
> I have another questions.
> to compile KDC with kkdcp support, do I need pass in any special flag(s)?
> Or kkdcp is supported by default in recent code?
We have KKDCP support in the client library, but not natively in the
KDC. You can run a proxy KKDCP server using
https://github.com/latchset/kdcproxy (available as kdcproxy in the
Python package index).
> The reason I ask this question, is that when I run a test: (I do have kdc = https://.... configured for the realm). It does not seem to make https connection to the server. Here is the trace log:
> host:~/test/bin] kdct$ env KRB5_TRACE=/dev/stdout ./kinit xxx@***
> init module "encrypted_timestamp", pa_type 2, flag 1
These messages look like output from compiling with -DDEBUG, not trace
logs. That syntax looks correct for setting KRB5_TRACE, so I'm not sure
why you're not seeing trace logs.
Kerberos mailing list Kerberos@mit.edu