Hi again, On Wed, 2011-10-12 at 11:30 +0200, Andreas Haupt wrote: > Dear all, > > Heimdal 1.5 seems to have dropped KA-server support - at least the KDC > doesn't listen on port 7004 any more ... This means that the old klog > command cannot work any more - ok. > > BUT: klog.krb5 doesn't seem to work, either!
[...] It becomes even more interesting: [oreade38] ~ % klog.krb5 Password for [email protected]: klog: ticket contained unknown key version number Can't get your viceid for cell ifh.de [oreade38] ~ % tokens Tokens held by the Cache Manager: Tokens for [email protected] [Expires Oct 13 16:22] --End of list-- [oreade38] ~ % touch test touch: cannot touch `test': Permission denied [oreade38] ~ % klog.krb5 -tmp Password for [email protected]: Wrote ticket file to /tmp/krb5cc_yF6bKY [oreade38] ~ % tokens Tokens held by the Cache Manager: User's (AFS ID 9132) tokens for [email protected] [Expires Oct 13 16:22] --End of list-- [oreade38] ~ % touch test [oreade38] ~ % rm test [oreade38] ~ % So when writing out a k5 cache file, everything works fine. Most probably because in this case a krbtgt/<REALM> ticket is requested and not the afs@<REALM> principal directly. I compared the wireshark traffic between klog.krb5 contacting a Heimdal 1.2.1 & Heimdal 1.5.1 server - it looks identical except for the encrypted ticket parts of course. Nobody else tried this combination, yet? Cheers, Andreas -- | Andreas Haupt | E-Mail: [email protected] | DESY Zeuthen | WWW: http://www-zeuthen.desy.de/~ahaupt | Platanenallee 6 | Phone: +49/33762/7-7359 | D-15738 Zeuthen | Fax: +49/33762/7-7216 _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
