problem with krb5 and samba-tool - recent opensuse 13.1
Günter Kukkukk
linux at kukkukk.com
Wed Dec 11 18:17:41 MST 2013
On 09.12.2013 02:48, Günter Kukkukk wrote:
> Hi all,
>
> I've got a question regarding kerberos.
>
> Former opensuse 12.3 used Kerberos 5 version 1.10.2
> Recent opensuse 13.1 uses Kerberos 5 version 1.11.3
>
> In the past I used:
> kinit administrator@ADDLZ.KUKKUKK.COM
> and got with klist:
> Ticket cache: FILE:/tmp/krb5cc_0
>
> Now with opensuse 13.1 when I use:
> kinit administrator@ADDLZ.KUKKUKK.COM
> I get with klist:
> Ticket cache: DIR::/run/user/0/krb5cc/tktN44gIn
>
> Note that a different location is used now and the first one starts with
> "FILE:"
> and the 2nd with
> "DIR::"
> and DIR::/run/user/0/krb5cc/tktN44gIn points to a ticket _file_, too!?
>
> With opensuse, in the default case no KRB5CCNAME environment variable is set.
>
> Now my problem:
> In the past I used
> kinit administrator@ADDLZ.KUKKUKK.COM
> to get a ticket and so for example with
> samba-tool dns query ....
> it was not needed to specify -Uadministrator and supply a password at all.
> Without -Uadministrator I now get:
> Password for [ADDLZ\root]:
> which is wrong.
>
> When I set
> export KRB5CCNAME=FILE:/run/user/0/krb5cc/tktN44gIn
> all is working again. NOTE that I needed "FILE:" above.
>
> Without that env var a strace samba-tool .... shows that only /tmp/krb5cc_0 is tried.
>
> Interestingly enough, when I use
> klist -k /run/user/0/krb5cc/tktN44gIn
> I get
> Keytab name: FILE:/run/user/0/krb5cc/tktN44gIn
> klist: Unsupported key table format version number while starting keytab scan
>
> Sorry, I'm no krb5 expert, hopefully someone can shed some light on this.
>
> Cheers, Günter
>
To answer myself, I atm just use a workaround by adding to
[libdefaults]
...
default_ccache_name = FILE:/tmp/krb5cc_%{uid}
...
to get the old behavior.
A bit ugly - but it works.
Cheers, Günter
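
The KRB5CCNAME workaround from the quoted message, as an added example that is not part of the original post: it maps the cache name printed by klist to the FILE: form. The function names are hypothetical, the klist sample is constructed from the values in the post, and the DIR: collection case assumes MIT krb5's layout, where a "primary" file names the primary cache and "tkt" is used when that file is absent.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Extract the cache name from klist output read on stdin.
klist_cache_name() {
    sed -n 's/^Ticket cache: //p' | head -n 1
}

# Map a cache name to a FILE: name for clients that only handle FILE: caches.
# Returns 1 for cache types that have no file on disk or for unsafe names.
ccache_to_file() {
    cc=$1
    case $cc in
        FILE:*)
            printf '%s\n' "$cc" ;;
        DIR::*)
            # DIR::<path> names one subsidiary cache file directly.
            printf 'FILE:%s\n' "${cc#DIR::}" ;;
        DIR:*)
            # DIR:<dir> names the collection (assumed MIT krb5 layout):
            # "primary" holds the primary cache's file name, default "tkt".
            dir=${cc#DIR:}
            primary=tkt
            if [ -r "$dir/primary" ]; then
                IFS= read -r primary < "$dir/primary" || :
            fi
            # Reject empty names, path separators and non-"tkt" names so a
            # tampered primary file cannot point outside the collection.
            case $primary in
                ''|*/*) return 1 ;;
                tkt*) ;;
                *) return 1 ;;
            esac
            printf 'FILE:%s/%s\n' "$dir" "$primary" ;;
        *)
            return 1 ;;
    esac
}

# Constructed sample of klist output; the cache name is the one in the post.
sample='Ticket cache: DIR::/run/user/0/krb5cc/tktN44gIn
Default principal: administrator@ADDLZ.KUKKUKK.COM'
found=$(printf '%s\n' "$sample" | klist_cache_name)
echo "export KRB5CCNAME=$(ccache_to_file "$found")"
```

On a live system, pipe the real `klist` output into `klist_cache_name` instead of the constructed sample.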