Home Forums OS X Server and Client Discussion Questions and Answers 10.4 client to 10.3.9 server kerberos problem

Viewing 4 posts - 1 through 4 (of 4 total)
  • Author
    Posts
  • May 3, 2005 at 3:56 pm #361502
    bustthis
    Participant

    i haven’t had the time to update my server to 10.4, but i did install 10.4 client and i am having some strange kerberos problems.
    1. upon login i used to get an afp ticket for 2 automounts(on 10.3.9 client) and now i don’t, but the automounts continue to work as before.
    2. when launching mail.app i am prompted for a kerberos password and then i get a imap ticket.
    3. if i ssh into the server before getting a ticket, i am prompted for a password… so much for not having to enter a password Smile

    i remember that i use to have to edit /etc/authorization to get tickets upon login, but /etc/authorization has changed in tiger and i think i read some place there’s no need to do this anymore. i made the change anyway under 10.4 and needless to say i got the “blue screen of death”

    am i expecting too much for kerberos to work correctly until i find the time to upgrade my server? any suggestions?
    thanks,
    charles

    May 5, 2005 at 12:05 pm #361526
    bustthis
    Participant

    network users are working… meaning getting kerberos tickets on login.
    anyone?

    May 6, 2005 at 10:30 am #361544
    vincent_vega
    Participant

    [QUOTE BY= bustthis] network users are working… meaning getting kerberos tickets on login.
    anyone?[/QUOTE]

    Being able to login doesn’t mean that the user is getting a Kerberos TGT automagically, it mearly means that the user was authenticated properly.

    Maybe you could find some clues by running /System/Library/CoreServices/Kerberos directly after login on your 10.4 machine. If the user gets a krbtgt it should show up there.

    I’m no Kerberos guru but I’d start this fault-finding-quest by tailing the system.log file piping it through a ‘grep krb’…

    Good luck!

    May 6, 2005 at 12:56 pm #361547
    bustthis
    Participant

    i am not giving the initial krbtgt ticket upon login with my 10.4 client, i used to get it in 10.3.x

    in order to get a krbtgt ticket, i need to manually enter my password in
    /System/Library/CoreServices/Kerberos or by launching mail.app which uses GSSAPI auth for smtp and imap. system.log doesn’t show anything related, i’ve checked… i only see this everytime i login –

    May 5 10:54:43 w1 SystemStarter[710]: authentication service (718) did not complete successfully
    May 5 10:54:45 w1 SystemStarter[710]: /System/Library/StartupItems/AuthServer

    over at the apple disscussions page, it seems this is happening to people not using kerberos too.

    thanks for your time.

  • Author
    Posts
Viewing 4 posts - 1 through 4 (of 4 total)
  • You must be logged in to reply to this topic.

Comments are closed

Copyright © 2025 AFP548. All Rights Reserved.