Except for the environment variable thing that's exactly what I did. (I put the file in /Library/Preferences/edu.mit.Kerberos.)

I didn't do it myself, but someone else was able to use a close relative of my krb5.conf file with RHEL 3. The kinit command *required* the -4 option even though the JPL realm was defined to be K4 only.

On Nov 27, 2004, at 8:47 AM, Alexandra Ellwood wrote:

Mac OS X's kinit does not support the -4 option because it is incompatible with the way the Kerberos Login Library manipulates tickets. In particular, the KLL defines the concept of a valid ticket cache as one which contains valid TGTs for all versions of Kerberos defined by the machine's Kerberos configuration (aka edu.mit.Kerberos). If we gave users the option of getting only v4 tickets for a realm which supports both v4 and v5, other applications would display this ticket cache as invalid and confuse the user.

If you need to solve this problem for a specific user, try creating a special edu.mit.Kerberos file which has "dns_fallback = no" set in [libdefaults] and only a v4 configuration (i.e., [v4 realms] and [v4 domain_realm] only). Then set the KRB5_CONFIG environment variable to point to that file and run kinit. I haven't tried this with all versions of Kerberos for OS X, but it should work.

Note however that you may get the confusing behavior I described above if you attempt to use other applications (such as Kerberos.app) to examine the tickets.
----------------------------------------------------------------------------
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
[EMAIL PROTECTED], or [EMAIL PROTECTED]


________________________________________________
Kerberos mailing list           [EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo/kerberos
