[2851] in Kerberos-V5-bugs

home help back first fref pref prev next nref lref last post

krb5-clients/523:

daemon@ATHENA.MIT.EDU (Robert Walsh)
Fri Jan 9 17:22:14 1998

Resent-From: gnats@rt-11.MIT.EDU (GNATS Management)
Resent-To: krb5-unassigned@RT-11.MIT.EDU
Resent-Reply-To: krb5-bugs@MIT.EDU, Robert.Walsh@Eng.Sun.COM
Date: Fri, 9 Jan 1998 14:20:56 -0800
From: Robert.Walsh@Eng.Sun.COM (Robert Walsh)
Reply-To: Robert.Walsh@Eng.Sun.COM
To: krb5-bugs@MIT.EDU


>Number:         523
>Category:       krb5-clients
>Synopsis:       
>Confidential:   yes
>Severity:       serious
>Priority:       medium
>Responsible:    krb5-unassigned
>State:          open
>Class:          sw-bug
>Submitter-Id:   unknown
>Arrival-Date:   Fri Jan 09 17:22:00 EST 1998
>Last-Modified:
>Originator:     Robert E. Walsh
>Organization:
SUN Microsystems, Inc


>Release:        krb5-1.0.4
>Environment:
	
System: SunOS salesrep 5.6 s297_36 sun4m sparc SUNW,SPARCstation-5
Architecture: sun4

>Description:
NT 5.0 Beta 1 acting as a KDC has no support for encryption type
	
	 kinit
Password for walsh@ENG.SUN.COM: 
kinit: KDC has no support for encryption type while getting initial credentials

>How-To-Repeat:
1. create a krb5.conf file which points to an NT 5.0 Beta 1 system:
 more /etc/krb5.conf
[libdefaults]
        default_realm = ENG.SUN.COM
        default_tkt_enctypes = des-cbc-md5
        default_tgs_enctypes = des-cbc-md5
[realms]
        ENG.SUN.COM = {
                kdc = davinci.eng.sun.com:88
                admin_server = davinci.eng.sun.com
        }

[domain_realm]
        .eng.sun.com = ENG.SUN.COM
        .sun.com = ENG.SUN.COM

[logging]
        default = FILE:/var/adm/kdc.log
        kdc = FILE:/var/adm/kdc.log

>Fix:
Unknown

II. Additional documentation
Microsoft has published a document:
"Microsoft Windows NT Server 5.0 Beta 1 - MIT Kerberos krb5-1.0 Interoperability"
with instructions on how to modify NT 5.0 and set up a keytable. This key table
can be exported to a UNIT system.
I have completed these steps and it has no bearing on the kinit problem.

III. Have you been able to interoperate with NT 5.0 Beta 1?
Have you verified kinit  with NT 5.0 Beta 1?
Have you been able to obtain a credential from NT 5.0 Beta 1 acting as a KDC?
Is NT 5.0 Beta 1 compliant with RFC 1510?
>Audit-Trail:
>Unformatted:
kinit does not work with NT 5.0 Beta 1 KDC
home help back first fref pref prev next nref lref last post