--On Mon, Aug 9, 1999 11:37 PM -0400 "Leonard J. Peirce"
<[EMAIL PROTECTED]> wrote:
> We're trying to use netatalk and AuthMan on Solaris 2.6 and attempting to
> authenticate to a Kerberos 5 KDC. Everything (netatalk and AuthMan)
> builds and installs fine. With AuthMan, we can get authenticated but
> when we try to use the ticket to try to connect with AppleShare it fails.
>
> Logs on our Kerberos KDC show:
>
> Aug 06 16:48:17 kdc1.wmich.edu krb5kdc[16466](info): PROCESS_V4:Initial ticket request Host: 141.218.44.115 User: "testuser" ""
> Aug 06 16:48:34 kdc1.wmich.edu krb5kdc[16466](info): PROCESS_V4:APPL Request [EMAIL PROTECTED] on 141.218.44.115 for afpserver.neta
> Aug 06 16:48:34 kdc1.wmich.edu krb5kdc[16466](Error): PROCESS_V4:UNKNOWN "afpserver" "neta"
The problem, I'm guessing (as this is a problem I had with krb5 also), is
that your version of krb5 isn't doing v4 instance conversion for
``afpserver'' principals; i.e., it's not taking v4 principals with un-FQDNs
as their instances (e.g., ``[EMAIL PROTECTED]'') and mapping them to
v5 principals with FQDNs as their instances (e.g.,
``[EMAIL PROTECTED]'' or whatever). This results in a KDC
lookup failure. (Most humble plea of any krb5 hackers reading this list: it
would be nice if instance conversion was configurable instead of hard-coded.)

This is fixed in krb5 patchlevel 1.0.6, and the particular patch you need
I've included below (hopefully, not in defiance of any commerce department
regs).
--
buck huppmannn
pediatrics, university of iowa, iowa city, us
--- Patch from MIT's krb5-1.0.5-krb5-1.0.6.diff.gz ---
diff -N -c -r krb5-1.0.5/src/lib/krb5/krb/conv_princ.c
krb5-1.0.6/src/lib/krb5/krb/conv_princ.c
*** krb5-1.0.5/src/lib/krb5/krb/conv_princ.c Fri Feb 6 22:44:51 1998
--- krb5-1.0.6/src/lib/krb5/krb/conv_princ.c Mon May 10 23:37:02 1999
***************
*** 67,72 ****
--- 67,106 ----
{"imap", "imap", DO_REALM_CONVERSION},
{"ftp", "ftp", DO_REALM_CONVERSION},
{"ecat", "ecat", DO_REALM_CONVERSION},
+ {"daemon", "daemon", DO_REALM_CONVERSION},
+ {"gnats", "gnats", DO_REALM_CONVERSION},
+ {"moira", "moira", DO_REALM_CONVERSION},
+ {"prms", "prms", DO_REALM_CONVERSION},
+ {"mandarin", "mandarin", DO_REALM_CONVERSION},
+ {"register", "register", DO_REALM_CONVERSION},
+ {"changepw", "changepw", DO_REALM_CONVERSION},
+ {"sms", "sms", DO_REALM_CONVERSION},
+ {"afpserver", "afpserver", DO_REALM_CONVERSION},
+ {"gdss", "gdss", DO_REALM_CONVERSION},
+ {"news", "news", DO_REALM_CONVERSION},
+ {"abs", "abs", DO_REALM_CONVERSION},
+ {"nfs", "nfs", DO_REALM_CONVERSION},
+ {"tftp", "tftp", DO_REALM_CONVERSION},
+ {"zephyr", "zephyr", DO_REALM_CONVERSION},
+ {"http", "http", DO_REALM_CONVERSION},
+ {"khttp", "khttp", DO_REALM_CONVERSION},
+ {"pgpsigner", "pgpsigner", DO_REALM_CONVERSION},
+ {"irc", "irc", DO_REALM_CONVERSION},
+ {"mandarin-agent", "mandarin-agent",
DO_REALM_CONVERSION},
+ {"write", "write", DO_REALM_CONVERSION},
+ {"palladium", "palladium", DO_REALM_CONVERSION},
+ {"news", "news", DO_REALM_CONVERSION},
+ {"abs", "abs", DO_REALM_CONVERSION},
+ {"nfs", "nfs", DO_REALM_CONVERSION},
+ {"tftp", "tftp", DO_REALM_CONVERSION},
+ {"zephyr", "zephyr", DO_REALM_CONVERSION},
+ {"http", "http", DO_REALM_CONVERSION},
+ {"khttp", "khttp", DO_REALM_CONVERSION},
+ {"pgpsigner", "pgpsigner", DO_REALM_CONVERSION},
+ {"irc", "irc", DO_REALM_CONVERSION},
+ {"mandarin-agent", "mandarin-agent", DO_REALM_CONVERSION},
+ {"write", "write", DO_REALM_CONVERSION},
+ {"palladium", "palladium", DO_REALM_CONVERSION},
{0, 0, 0},
};
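Review bot: the added rows from "news" through "palladium" appear twice in this hunk, once right after the "gdss" row and again immediately before the {0, 0, 0} terminator, each time with the same v4 name, v5 name and DO_REALM_CONVERSION flag. The second run repeats the first exactly and can be dropped. Separately, as posted here the first "mandarin-agent" row is wrapped so that DO_REALM_CONVERSION}, sits on a line of its own with no + marker; that line should be rejoined before the hunk is applied. The row the thread's problem depends on is {"afpserver", "afpserver", DO_REALM_CONVERSION},.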
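The instance conversion described in the reply above, as an added example (not krb5's code and not part of the original message): a table-driven v4-to-v5 mapping run with and without an afpserver row. The realm EXAMPLE.COM, the domain example.com, and the names conv_425, tbl_before and tbl_after are constructed for illustration; the instance neta is from the KDC log.

```c
#include <stdio.h>
#include <string.h>

#define DO_REALM_CONVERSION 0x1   /* flag name as it appears in the patch */

struct conv_entry { const char *v4_name, *v5_name; unsigned flags; };

/* Constructed tables: one without an afpserver row, one with it. */
static const struct conv_entry tbl_before[] = {
    {"imap", "imap", DO_REALM_CONVERSION},
    {"ftp",  "ftp",  DO_REALM_CONVERSION},
    {0, 0, 0},
};
static const struct conv_entry tbl_after[] = {
    {"imap", "imap", DO_REALM_CONVERSION},
    {"ftp",  "ftp",  DO_REALM_CONVERSION},
    {"afpserver", "afpserver", DO_REALM_CONVERSION},
    {0, 0, 0},
};

/* Map a v4 name.instance@REALM to a v5 name/instance@REALM string.
 * domain is supplied by the caller (an assumption of this example).
 * Returns 0 on success, -1 if a buffer would be too small. */
int conv_425(const struct conv_entry *tbl, const char *name, const char *inst,
             const char *realm, const char *domain, char *out, size_t outlen)
{
    char full[256];
    const char *v5 = name;
    int n = snprintf(full, sizeof full, "%s", inst);

    if (n < 0 || (size_t)n >= sizeof full) return -1;
    for (; tbl->v4_name; tbl++) {
        if (strcmp(tbl->v4_name, name) != 0) continue;
        v5 = tbl->v5_name;
        /* Only short (non-empty, dot-free) instances get the domain appended. */
        if ((tbl->flags & DO_REALM_CONVERSION) && inst[0] && !strchr(inst, '.')) {
            n = snprintf(full, sizeof full, "%s.%s", inst, domain);
            if (n < 0 || (size_t)n >= sizeof full) return -1;
        }
        break;
    }
    n = full[0] ? snprintf(out, outlen, "%s/%s@%s", v5, full, realm)
                : snprintf(out, outlen, "%s@%s", v5, realm);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void)
{
    char buf[512];
    if (conv_425(tbl_before, "afpserver", "neta", "EXAMPLE.COM", "example.com", buf, sizeof buf) == 0) puts(buf);
    if (conv_425(tbl_after, "afpserver", "neta", "EXAMPLE.COM", "example.com", buf, sizeof buf) == 0) puts(buf);
    return 0;
}
```

Without the table row the short instance passes through unchanged, which is the name the KDC then fails to find; with the row it is expanded to the fully qualified form.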