[5533] in Kerberos


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Can I interoperate K5.4.2 & K5.5 ??

daemon@ATHENA.MIT.EDU (Joe Ramus)
Fri Jul 21 20:52:10 1995

Date: Fri, 21 Jul 95 17:39:42 PDT
From: ramus@nersc.gov (Joe Ramus)
To: kerberos@MIT.EDU

Is it reasonable to expect interoperability between different
(but fairly recent) versions of Kerberos 5 ??

I have some systems running the older K5.4.2
and I also have the new Kerberos 5.5 installed on some other
systems.

From a K5.5 system, I can do kinit and then use telnet to do an
Authenticated login to "osi.nersc.gov" which is running K5.5.
After I do the telnet, klist on the first host shows:

%% klist
Ticket cache: /u/ccc/ramus/tickets/Nersc.decdce3
Default principal: ramus@JB_TEST.NERSC.GOV

  Valid starting       Expires          Service principal
21-Jul-95 16:56:25  22-Jul-95 00:54:48  krbtgt/JB_TEST.NERSC.GOV@JB_TEST.NERSC.GOV

21-Jul-95 16:57:43  22-Jul-95 00:54:48  host/osi.nersc.gov@JB_TEST.NERSC.GOV
-----------------------------------------------------------------------------------

Starting on a K5.4.2 system which uses a different KDC, I do the kinit
and telnet to "osi.nersc.gov".  It fails like this:

Connected to osi.nersc.gov.
Escape character is '^]'.
[ Kerberos V5 refuses authentication because Read req failed:
    Wrong principal in request ]
Password: 
Kerberos error: Can't send request (send_to_kdc)

On the K5.4.2 system, klist shows this:

%% klist
Ticket cache: /u/ccc/ramus/tickets/Nersc.yosemite
Default principal: ramus@NERSC.GOV

  Valid starting       Expires          Service principal
21-Jul-95 17:09:51  22-Jul-95 01:09:43  krbtgt/NERSC.GOV@NERSC.GOV

21-Jul-95 17:10:43  22-Jul-95 01:09:43  host/osi.nersc.gov@NERSC.GOV
---------------------------------------------------------------------------------

Perhaps I have a configuration error but I do not see it.
On "osi.nersc.gov", I have this:

%% cat .k5login
ramus@NERSC.GOV
ramus@JB_TEST.NERSC.GOV


%% cat /etc/krb5.conf
[libdefaults]
	default_realm = JB_TEST.NERSC.GOV

[realms]
	JB_TEST.NERSC.GOV = {
		kdc = windchime.nersc.gov
		admin_server = windchime.nersc.gov
		default_domain = nersc.gov
	}
	NERSC.GOV = {
		kdc = shams.nersc.gov
		admin_server = shams.nersc.gov
		default_domain = nersc.gov
	}

[domain_realm]
	.nersc.gov = JB_TEST.NERSC.GOV


The file /etc/v5srvtab contains keys for both realms.

----------------------------------------------------------------
| Joe Ramus  NERSC Livermore  (510) 423-8917   ramus@nersc.gov |
----------------------------------------------------------------


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[5533] in Kerberos

Can I interoperate K5.4.2 & K5.5 ??

daemon@ATHENA.MIT.EDU (Joe Ramus)Fri Jul 21 20:52:10 1995

daemon@ATHENA.MIT.EDU (Joe Ramus)
Fri Jul 21 20:52:10 1995