Leopard/Tiger vs Linux KDC/LDAP

  • #377475
    Drizzt
    Participant

    Hi all!

    I’m having a little problem with my home setup, and was wondering if anyone had an idea what to do.

    I’ve got a Linux server set up with OpenLDAP and Kerberos. Basic authentication works fine, but I’m having problems with users that have authAuthority set to ;Kerberosv5;;[email protected];REALM.TLD.

    In the LDAP structure, KerberosClient is set up and good. My 10.6 SL client machine can authenticate the kerberized users, but not my 10.5 and 10.4 machines.

    Packet sniffing shows absolutely no differences between 10.4, 10.5 and 10.6.

    "kinit user" asks for password, the ticket is granted.

    I can’t seem to find what, except the OS version, is different between my 3 Macs that makes it work on 10.6 and not others. Can anybody help me with that?

    #377507
    Drizzt
    Participant

    Solution:

    set authAuthority = ;Kerberosv5;

    instead of the long string with [email protected]

    #377510
    Drizzt
    Participant

    Well.. solved the 10.4 machine, but not the 10.5 one 🙁

    I see "CLIENT_NOT_FOUND: @MENZONET.ORG for krbtgt/[email protected], Client not found in Kerberos database" in my logs instead of "[email protected] for krbtgt/[email protected]".

    It seems related to authAuthority… or maybe something else. Why would the Mac try to authenticate without the username in the krb principal?

    #377539
    Drizzt
    Participant

    Works with authAuthority = ;basic;

    I’d prefer ;Kerberosv5; so I could change passwords easily. 10.5 still does its weird thing..
