[37984] in Kerberos
Re: Kerberos on Mac
daemon@ATHENA.MIT.EDU (Greg Hudson)
Fri May 12 11:40:57 2017
To: Matt Darwin <mattdarwin@gmail.com>, kerberos@mit.edu
From: Greg Hudson <ghudson@mit.edu>
Message-ID: <dd774384-fec5-22fb-1d1b-bf11937f395f@mit.edu>
Date: Fri, 12 May 2017 11:40:33 -0400
MIME-Version: 1.0
In-Reply-To: <D1FF074C-4DC7-4F14-BD37-052BB024EBCE@gmail.com>
Content-Type: text/plain; charset="utf-8"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit
On 05/12/2017 11:28 AM, Matt Darwin wrote:
> I’ve written a detailed description of the problem on stack overflow : http://stackoverflow.com/questions/43685086/
I read this, and I don't see in there the server principal name in the
TGS request on macOS and on Linux. You might be able to obtain that
with wireshark or similar if you can't get it out of the JVM. That
information, together with knowledge of your DNS configuration, might
provide a hint as to what's going on.
Note that the JVM has its own Kerberos implementation, which is separate
from MIT krb5, Heimdal, or the macOS fork of Heimdal. (I believe it's
possible to use a shim to force it to call out to the C library, but
from the stack trace it doesn't appear that you're doing that.) So the
output you're getting from krb5-config --version is irrelevant, as is
using brew to install a newer C library.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
