problem with krb5 and samba-tool - recent opensuse 13.1
Günter Kukkukk
linux at kukkukk.com
Sun Dec 8 18:48:10 MST 2013
Hi all,
I've got a question regarding kerberos.
Former opensuse 12.3 used Kerberos 5 version 1.10.2
Recent opensuse 13.1 uses Kerberos 5 version 1.11.3
In the past i used:
kinit administrator at ADDLZ.KUKKUKK.COM
and got with klist:
Ticket cache: FILE:/tmp/krb5cc_0
Now with opensuse 13.1 when i use:
kinit administrator at ADDLZ.KUKKUKK.COM
i get with klist:
Ticket cache: DIR::/run/user/0/krb5cc/tktN44gIn
Note that a different location is used now and the first one starts with
"FILE:"
and the 2nd with
"DIR::"
and DIR::/run/user/0/krb5cc/tktN44gIn points to a ticket _file_, too!?
With opensuse, in the default case no KRB5CCNAME environment variable is set.
Now my problem:
In the past i used
kinit administrator at ADDLZ.KUKKUKK.COM
to get a ticket and so for example with
samba-tool dns query ....
it was not needed to specify -Uadministrator and supply a password at all.
Without -Uadministrator i now get:
Password for [ADDLZ\root]:
which is wrong.
When i set
export KRB5CCNAME=FILE:/run/user/0/krb5cc/tktN44gIn
all is working again. NOTE, that i needed "FILE:" above.
Without that env var a strace samba-tool .... shows that only /tmp/krb5cc_0 is tried.
Interestingly enough, when i use
klist -k /run/user/0/krb5cc/tktN44gIn
i get
Keytab name: FILE:/run/user/0/krb5cc/tktN44gIn
klist: Unsupported key table format version number while starting keytab scan
Sorry, i'm no krb5 expert, hopefully someone can shed some light into this.
Cheers, Günter
More information about the samba-technical
mailing list