"Ken Raeburn" <[EMAIL PROTECTED]> schrieb im Newsbeitrag news:[EMAIL PROTECTED] > ... > > Nevertheless if I do a kinit for my my normal account it fails with > > error code 52. No change between krb5-1.2.7 and krb5-1.3. > > Is it saying "KRB5 error code 52" exactly? That shouldn't be in the > source code for the 1.3 snapshot. The error message is now "Response > too big for UDP, retry with TCP", and shouldn't be displayed unless > the server sends that error code over a TCP connection, or the client > library thinks that TCP service isn't available for some reason, which > should only happen if you have DNS SRV records that indicate only UDP > service is available (try "dig _kerberos._udp.REALMNAME srv", and try > with _tcp instead of _udp) and the config files don't list the KDCs at > all.
I had another kinit in the my path. I wasn't aware of that. I thought I had deleted all the old stuff. Now the new kinit workes great. I can use kinit with my own account. No more error 52! :) As usual a new problem came up after that. I cannot compile pam_krb5 anymore. Maybe I have to use different linking options. Which pam_krb5 package would you recommend? I tried the one shipped with RH9. I think the one at sourceforge is a different one. Are there any plans to include a pam_krb5 in the distribution. Would be very convenient. :-) > If you are getting the "52" message, that may mean you aren't actually > getting the 1.3 snapshot code for some reason. (Did you build with > shared libraries, and run programs in the build tree without > installing the libraries? I've done that sometimes.) Indeed, I compiled as shared libs. I thought libraries are installed when I do "make install"!? > ... > No, config files aren't installed by default. > > We should probably consider installing some as "examples", avoiding > overwriting any installed versions. But, at the same time, we > probably want to move towards needing as little in them as possible, > perhaps to the point of not needing them at all if we're really lucky. I think this would be a good idea. At least it would be a bit more comfortable. Maybe I have to change this thread to the devel oder snapshot newsgroup. Thanks for your great help so far! As I haven't done a lot with Linux, Kerberos and PAM so far I'm thankful for any hint I can get. Cheers, Uli ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos