On Wed, Aug 06, 2008 at 10:18:01AM -0500, Nicolas Williams wrote: > On Wed, Aug 06, 2008 at 03:38:27AM +0000, Victor Sudakov wrote: > > Victor Sudakov wrote: > > > > > It is a pity I cannot check it out because Solaris' kadmin seems to be > > > incompatible with FreeBSD's kadmind: > > > $ kadmin > > > kadmin: unable to get host based service name for realm SIBPTUS.TOMSK.RU > > > > I see, Solaris kadmin looks for _kerberos-adm._udp.SIBPTUS.TOMSK.RU > > What gives? FreeBSD's kadmind (Heimdal) does not listen on udp, it > > uses 749/tcp. > > > > Is there a way to make them work together, or is it hopeless? > > The kadmin protocol is not standard. > > Heimdal's kadmin protocol and MIT's (from which Solaris' derives) are > incompatible. That said, later today I'll send out program source that > might help you.
A while back I wrote a utility for building keytab files when using Active Directory as the KDC; it uses the RFC3244 protocol to set the "password" of the given principal, so it should work with Heimdal. You can find it here: http://www.sun.com/bigadmin/features/articles/kerberos_s10.jsp Nico -- ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos