Unable to get forwardable, renewable tickets

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

Unable to get forwardable, renewable tickets

Howard Rubin
Hi,

I've been using KfW for several years and about 2 weeks ago I was no
longer able to get forwardable or renewable tickets.  I've tried
reinstalling (both with and without explicit uninstalls first) including
wiping the residuals from the registry before doing a completely clean
reinstallation.  The only thing I can think of that was done to my
system recently was to import a DOEGrid certificate into Mozilla 1.7.12,
although I have tried importing the same certificate into Firefox on
another system with no problem.  I've also imported the certificate into
  Firefox on Mac OS-X 10.3 with no problem.  I've tried unchecking and
checking the options in Leash, and have tried making changes directly to
the krb5.ini file.  I have the same problem running kinit -f -r 6d from
the command line.  No matter what I do, the tickets are neither
forwardable nor renewable!

I was originally using 2.6.2-post-beta-1-2 (if it ain't broke, don't fix
it) but now have a virgin installation of 2.6.5.  For completeness, I
attach the configuration files I'm using.

Any suggestions you might have as to the source of this problem would be
appreciated.

Thanks,
Howard Rubin

fnal.gov FNAL.GOV

[domain_realm]
        fnal.gov = FNAL.GOV

[libdefaults]
        default_realm = FNAL.GOV
        default_tgs_enctypes = des-cbc-crc
        default_tkt_enctypes = des-cbc-crc
        forwardable = true
        proxiable = true
        renewable = true

[login]
        krb4_convert = true
        krb4_get_tickets = false

[realms]
        FNAL.GOV = {
                admin_server = krb-fnal-admin.fnal.gov
                default_domain = fnal.gov
                kdc = krb-fnal-1.fnal.gov:88
                kdc = krb-fnal-2.fnal.gov:88
                kdc = krb-fnal-3.fnal.gov:88
                kdc = krb-fnal-4.fnal.gov:88
                kdc = krb-fnal-5.fnal.gov:88
                kdc = krb-fnal-6.fnal.gov:88
        }

FNAL.GOV
FNAL.GOV krb-fnal-1.fnal.gov
FNAL.GOV krb-fnal-2.fnal.gov
FNAL.GOV krb-fnal-3.fnal.gov
FNAL.GOV krb-fnal-4.fnal.gov
FNAL.GOV krb-fnal-5.fnal.gov
FNAL.GOV krb-fnal-6.fnal.gov

________________________________________________
Kerberos mailing list           [hidden email]
https://mailman.mit.edu/mailman/listinfo/kerberos