[Samba] Solved - Re: Seems solved - Re: sernet kerberos

Robert Moskowitz rgm at htt-consult.com
Fri Sep 4 15:44:42 UTC 2015 

I needed to reboot; lots of cruft hanging around from wrong starts, most 
likely:

# kinit administrator at HOME.HTT
Password for administrator at HOME.HTT:

I did not realize that this is the same administrator as used in 
samba-tool and thus the same password.

# klist
Ticket cache: DIR::/run/user/0/krb5cc/tkt
Default principal: administrator at HOME.HTT

Valid starting     Expires            Service principal
09/04/15 11:36:42  09/04/15 21:36:42  krbtgt/HOME.HTT at HOME.HTT
         renew until 09/05/15 11:36:36

Now I can go back to working on dhcpd...

On 09/04/2015 10:02 AM, Robert Moskowitz wrote:
> Going back here on old messages about kerberos I did:
>
> yum install krb5-workstation
>
> And kinit and others are there and working.  Seems reasonable that the 
> client should not care about the backed type (Heimdal or MIT).
>
> Though don't know if I need to install krb5-devel; time will tell.
>
> On 09/04/2015 05:43 AM, Robert Moskowitz wrote:
>>
>>
>> On 09/04/2015 03:59 AM, mathias dufresne wrote:
>>> Hi,
>>>
>>> I don't think there is sernet kerberos package. You would have to 
>>> install
>>> kerberos client using your package manager: krb5-workstation on 
>>> Centos or
>>> krb5-user on Debian I think...
>>
>> As I understand things:
>>
>> Samba4.2 and lower is designed for the Heimal (sp!) kerberos. 
>> Redhat/Fedora/Centos provides the MIT kerberos.  Thus Sernet provides 
>> a 'proper' kerberos for these OS.  I saw that somewhere on some web 
>> writeup.
>>
>> Samba 4.3, coming out 'real soon now', allows Samba to use the MIT 
>> kerberos.
>>
>> But for now, no running on Centos with the Centos provided Kerberos.
>>
>>>
>>> Cheers,
>>>
>>> mathias
>>>
>>> 2015-09-04 6:26 GMT+02:00 Robert Moskowitz <rgm at htt-consult.com>:
>>>
>>>> I see a lot of kerberos files under /usr/src/debug/samba-4.2.3, but I
>>>> can't see specific kerberos commands like kinit and klist.
>>>>
>>>> It is possible that something did not build right from the sernet 
>>>> source,
>>>> so I want to know how to tell that I have the sernet kerberos 
>>>> installed.
>>>>
>>>> thanks
>>>>
>>>>
>>>>
>>>> -- 
>>>> To unsubscribe from this list go to the following URL and read the
>>>> instructions:  https://lists.samba.org/mailman/options/samba
>>>>
>>
>>
>
>

More information about the samba mailing list