Christopher, I had the exact same problem. I was given 2 patches for KRB 1.4.1 and it fixed the problem. I applied the patches to my 1.4.2 source and the problem is resolved there too. Here are the patches:
DNSGLUE.C Patch: *** ./src/lib/krb5/os/dnsglue.c.orig Fri Jan 14 17:10:53 2005 --- ./src/lib/krb5/os/dnsglue.c Thu May 5 11:39:52 2005 *************** *** 62,68 **** --- 62,76 ---- char *host, int nclass, int ntype) { #if HAVE_RES_NSEARCH + #ifndef LANL struct __res_state statbuf; + #else /* LANL */ + #ifndef _AIX + struct __res_state statbuf; + #else /* _AIX */ + struct { struct __res_state s; char pad[1024]; } statbuf; + #endif /* AIX */ + #endif /* LANL */ #endif struct krb5int_dns_state *ds; int len, ret; LOCATE_KDC.C Patch: >*** ./src/lib/krb5/os/locate_kdc.c.orig Thu May 5 08:06:45 2005 >--- ./src/lib/krb5/os/locate_kdc.c Thu May 5 11:34:27 2005 >*************** >*** 267,275 **** >--- 267,283 ---- > memset(&hint, 0, sizeof(hint)); > hint.ai_family = family; > hint.ai_socktype = socktype; >+ #ifndef LANL > #ifdef AI_NUMERICSERV > hint.ai_flags = AI_NUMERICSERV; > #endif >+ #else /* LANL */ >+ #ifndef _AIX >+ #ifdef AI_NUMERICSERV >+ hint.ai_flags = AI_NUMERICSERV; >+ #endif >+ #endif /* _AIX */ >+ #endif /* LANL */ > sprintf(portbuf, "%d", ntohs(port)); > sprintf(secportbuf, "%d", ntohs(secport)); > err = getaddrinfo (hostname, portbuf, &hint, &addrs); Credit goes to Milton Turley <[EMAIL PROTECTED]> for the patches and assistance... Let me know if it works for you... Lamar ------------------------------------------------------------------------ ----------------------- Date: Tue, 08 Nov 2005 20:12:27 +0100 From: Christoph Weizen <[EMAIL PROTECTED]> To: kerberos@MIT.EDU Subject: AIX 5.3: kinit(v5): Cannot resolve network address for KDC in requested Message-ID: <[EMAIL PROTECTED]> Precedence: list Message: 1 Hi list, kinit (krb5 1.4.2) on an AIX 5.3 gives me # /usr/local/bin/kinit -k -t foobar.keytab foobar/[EMAIL PROTECTED] kinit(v5): Cannot resolve network address for KDC in requested realm while getting initial credentials From a working Linux krb5 1.4.2 installation I copied /etc/krb5.conf and foobar.keytab to AIX 5.3. The following steps don't defer to the steps I did under Linux. # ./configure --without-krb4 --enable-shared # make && make install Using gcc 3.3.2. I found a patch for krb5 1.4.1 for AIX 5.2 from Ken Raeburn, but as far as I see it is fixed in 1.4.2. My krb5.conf looks like this: [libdefaults] default_realm = EXAMPLE.NET clockskew = 300 [realms] EXAMPLE.NET = { kdc = foo.example.net:88 admin_server = foo.example.net:749 default_domain = example.net kpasswd_server = foo.example.net } [domain_realm] .example.net = EXAMPLE.NET example.net = EXAMPLE.NET [logging] default = SYSLOG:NOTICE:DAEMON kdc = FILE:/var/log/kdc.log kadmind = FILE:/var/log/kadmind.log [appdefaults] pam = { ticket_lifetime = 1d renew_lifetime = 1d forwardable = true proxiable = false retain_after_close = false minimum_uid = 0 debug = false } Trying to analyze with tcpdump I see that DNS query A, AAAA, AAAA with double of my domainname - and then again from the beginning. A record is answered correctly, AAAA can't (no ipv6). 13:00:09.595177 10.20.30.56.41629 > bar.example.net.domain: [udp sum ok] 65423+ A? foo.example.net. (34) (ttl 30, id 30399, len 62) 13:00:09.595729 bar.example.net.domain > 10.20.30.56.41629: [udp sum ok] 65423* q: A? foo.example.net. 1/2/2 foo.example.net. A foo.example.net ns: example.net. NS bar.example.net., example.net. NS bar2.example.net. ar: bar.example.net. A bar.example.net, bar2.example.net. A bar2.example.net (128) (ttl 30, id 35101, len 156) 13:00:09.597500 10.20.30.56.41630 > bar.example.net.domain: [udp sum ok] 65424+ AAAA? foo.example.net. (34) (ttl 30, id 30400, len 62) 13:00:09.597886 bar.example.net.domain > 10.20.30.56.41630: [udp sum ok] 65424* q: AAAA? foo.example.net. 0/1/0 ns: example.net. SOA bar.example.net. tux.example.net. 2005110800 14400 600 259200 86400 (87) (ttl 30, id 35102, len 115) 13:00:09.597928 10.20.30.56.41630 > bar.example.net.domain: [udp sum ok] 65425+ AAAA? foo.example.net.example.net. (42) (ttl 30, id 30401, len 70) 13:00:09.598273 bar.example.net.domain > 10.20.30.56.41630: [udp sum ok] 65425 NXDomain* q: AAAA? foo.example.net.example.net. 0/1/0 ns: example.net. SOA bar.example.net. tux.example.net. 2005110800 14400 600 259200 86400 (95) (ttl 30, id 35103, len 123) 13:00:09.600003 10.20.30.56.41631 > bar.example.net.domain: [udp sum ok] 65426+ A? foo.example.net. (34) (ttl 30, id 30402, len 62) 13:00:09.600473 bar.example.net.domain > 10.20.30.56.41631: [udp sum ok] 65426* q: A? foo.example.net. 1/2/2 foo.example.net. A foo.example.net ns: example.net. NS bar2.example.net., example.net. NS bar.example.net. ar: bar.example.net. A bar.example.net, bar2.example.net. A bar2.example.net (128) (ttl 30, id 35104, len 156) 13:00:09.602076 10.20.30.56.41632 > bar.example.net.domain: [udp sum ok] 65427+ AAAA? foo.example.net. (34) (ttl 30, id 30403, len 62) 13:00:09.602478 bar.example.net.domain > 10.20.30.56.41632: [udp sum ok] 65427* q: AAAA? foo.example.net. 0/1/0 ns: example.net. SOA bar.example.net. tux.example.net. 2005110800 14400 600 259200 86400 (87) (ttl 30, id 35105, len 115) 13:00:09.602520 10.20.30.56.41632 > bar.example.net.domain: [udp sum ok] 65428+ AAAA? foo.example.net.example.net. (42) (ttl 30, id 30404, len 70) 13:00:09.602894 bar.example.net.domain > 10.20.30.56.41632: [udp sum ok] 65428 NXDomain* q: AAAA? foo.example.net.example.net. 0/1/0 ns: example.net. SOA bar.example.net. tux.example.net. 2005110800 14400 600 259200 86400 (95) (ttl 30, id 35106, len 123) Upto here, Linux contacts my KDC, AIX 5.3 not. "Cannot resolve network address for KDC..." Did I miss something? cheers, Christoph Privileged and Confidential. This e-mail, and any attachments there to, is intended only for use by the addressee(s) named herein and may contain privileged or confidential information. If you have received this e-mail in error, please notify me immediately by a return e-mail and delete this e-mail. You are hereby notified that any dissemination, distribution or copying of this e-mail and/or any attachments thereto, is strictly prohibited. ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos