* Tom Yu <[EMAIL PROTECTED]> [20050505 14:46]: > The admin protocol changed in krb5-1.4 (which is what Tiger's krb5 is > based on), for compatibility with Sun's kadmin protocol, which uses > the standards-track RPCSEC_GSS authentication flavor, rather than the > old non-standard authentication flavor used previously. Sun's kadmin > protocol uses kadmin/FQDN rather than kadmin/admin for the service > principal. Support for transparent fallback of the kadmin protocol > was not implemented until krb5-1.4.1.
Thanks much for the quick explanation! > One workaround is to invoke the kadmin client with the "-O" flag to > force the use of the old protocol, or to upgrade to krb5-1.4.1. I > don't know when Apple intends to pick up krb5-1.4.1. Thanks again. The -O option will work for now. With upgrades all around in the near future. Ben ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
