kinit from mac ports not working

Brad Allison brad.allison at gmail.com
Thu Aug 15 09:05:35 PDT 2013 

This post show's the problem:

http://techblog.lucidillusion.org/2011/08/31/kerberos-over-tcp-on-os-x-10-7-lion/

"With the release of Mac OS X 10.7 (Lion) Apple has switched from MIT
Kerberos <http://web.mit.edu/kerberos/>to Heimdal Kerberos<http://www.h5l.org/>
."

So you either have a krb5.conf file that works with MIT Kerberos (mac
ports) or Heimdal Kerberos (default).

it's completely broken now.  :(



On Thu, Aug 15, 2013 at 11:49 AM, Brad Allison <brad.allison at gmail.com>wrote:

> It is a problem between Heimdal-Kerberos (built in)  and MIT-Kerberos (mac
> ports)
>
> With Heimdal I need tcp/ in front of my address on the kdc line:
> kdc = tcp/10.10.....
>
> With MIT kerberos if you have tcp/ it's can't read the address.
>
> So I can't have a single krb5.conf that works for both.
>
> I wish there was a way to make macports kinit use /etc/krb5.conf and make
> built in Heimdal kerberos use /Library/Preferences/edu.mit.Kerberos .
>
>
>
>
>
> On Thu, Aug 15, 2013 at 10:56 AM, Brandon Allbery <allbery.b at gmail.com>wrote:
>
>> On Thu, Aug 15, 2013 at 10:45 AM, Brad Allison <brad.allison at gmail.com>wrote:
>>
>>> When I try to kinit using macports kinit it returns "Cannot contact any
>>> KDC from realm...."
>>>
>>> When I try to kinit using default built in kinit (/usr/bin/kinit), it
>>> works and I can get tickets.
>>>
>>> So why is macports kinit broken?
>>>
>>
>> Not actually "broken" although I imagine you won't care about little
>> details like how /Library/Preferences/edu.mit.Kerberos isn't guaranteed to
>> be 100% compatible with /etc/krb5.conf these days (because Apple's Kerberos
>> is from Heimdal); and the cases where they're incompatible are almost
>> exactly the cases where it can't be automagically translated. There may
>> also be differences in how the two figure out defaults (e.g. when to use
>> TCP vs. UDP or which DNS names are looked up when a realm isn't defined in
>> the config file, there being both legacy TXT and modern SRV entries
>> possible and each implementation follows different rules).
>>
>> If you're lucky you can just "sudo ln -s
>> /Library/Preferences/edu.mit.Kerberos /etc/krb5.conf".
>>
>> --
>> brandon s allbery kf8nh                               sine nomine
>> associates
>> allbery.b at gmail.com
>> ballbery at sinenomine.net
>> unix, openafs, kerberos, infrastructure, xmonad
>> http://sinenomine.net
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.macosforge.org/pipermail/macports-users/attachments/20130815/32b5cf91/attachment.html>

More information about the macports-users mailing list