[30204] in Kerberos
Re: ktutil get
daemon@ATHENA.MIT.EDU (Nicolas Williams)
Wed Aug 6 18:20:06 2008
Date: Wed, 6 Aug 2008 17:17:23 -0500
From: Nicolas Williams <Nicolas.Williams@sun.com>
To: Victor Sudakov <vas@mpeks.no-spam-here.tomsk.su>, kerberos@mit.edu
Message-ID: <20080806221722.GR25547@Sun.COM>
Mail-Followup-To: Victor Sudakov <vas@mpeks.no-spam-here.tomsk.su>,
kerberos@mit.edu
Mime-Version: 1.0
Content-Disposition: inline
In-Reply-To: <20080806151801.GZ25547@Sun.COM>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
On Wed, Aug 06, 2008 at 10:18:01AM -0500, Nicolas Williams wrote:
> On Wed, Aug 06, 2008 at 03:38:27AM +0000, Victor Sudakov wrote:
> > Victor Sudakov wrote:
> >
> > > It is a pity I cannot check it out because Solaris' kadmin seems to be
> > > incompatible with FreeBSD's kadmind:
> > > $ kadmin
> > > kadmin: unable to get host based service name for realm SIBPTUS.TOMSK.RU
> >
> > I see, Solaris kadmin looks for _kerberos-adm._udp.SIBPTUS.TOMSK.RU
> > What gives? FreeBSD's kadmind (Heimdal) does not listen on udp, it
> > uses 749/tcp.
> >
> > Is there a way to make them work together, or is it hopeless?
>
> The kadmin protocol is not standard.
>
> Heimdal's kadmin protocol and MIT's (from which Solaris' derives) are
> incompatible. That said, later today I'll send out program source that
> might help you.
A while back I wrote a utility for building keytab files when using
Active Directory as the KDC; it uses the RFC3244 protocol to set the
"password" of the given principal, so it should work with Heimdal.
You can find it here:
http://www.sun.com/bigadmin/features/articles/kerberos_s10.jsp
Nico
--
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
