[14639] in Kerberos
Re: How to configure a Kerberos 5 Linux client of a Solaris KDC server
daemon@ATHENA.MIT.EDU (Wyllys Ingersoll)
Mon Jul 9 09:01:21 2001
Message-Id: <200107091258.f69Cw8U655082@jurassic.eng.sun.com>
Date: Mon, 9 Jul 2001 09:01:33 -0400 (EDT)
From: Wyllys Ingersoll <Wyllys.Ingersoll@eng.sun.com>
Reply-To: Wyllys Ingersoll <Wyllys.Ingersoll@eng.sun.com>
To: deengert@anl.gov
Cc: kerberos@MIT.EDU, rk21@gre.ac.uk
MIME-Version: 1.0
Content-Type: TEXT/plain; charset=us-ascii
Content-MD5: 8aixzUKnGYPfLBYsdeQivw==
>
>Wyllys Ingersoll wrote:
>>
>> You cannot use an MIT-based 'kadmin' client with a SEAM based KDC because
>> the RPC protocol used by the MIT admin program is incompatible with the
>> RPC protocol used by SEAM. SEAM uses RPCSEC_GSS (RFC 2743) and MIT uses
>> an older, non-standard, secure RPC protocol.
>>
>> SEAM and MIT are compatible for all other non-administrative protocols.
>> e.g. 'kinit' from one will work with the other, etc etc.
>>
>> -wyllys
>
>
>Hopefully this will soon be fixed.
>
> "Kerberos Set/Change Password: Version 2"
> http://www.ietf.org/internet-drafts/draft-ietf-cat-kerberos-set-passwd-06.txt
>
>has gone through working group last call, and hopefully the Kerberos vendors
>will see fit to implement it.
>
>
This will address the kpasswd interoperability problem but not the
kadmin problem. The MIT kpasswd protocol is still based on the older
Marc Horowitz protocol as is Microsoft's.
-wyllys
