Hi,

I've been using KfW for several years and about 2 weeks ago I was no
longer able to get forwardable or renewable tickets. I've tried
reinstalling (both with and without explicit uninstalls first) including
wiping the residuals from the registry before doing a completely clean
reinstallation. The only thing I can think of that was done to my
system recently was to import a DOEGrid certificate into Mozilla 1.7.12,
although I have tried importing the same certificate into Firefox on
another system with no problem. I've also imported the certificate into
Firefox on Mac OS-X 10.3 with no problem. I've tried unchecking and
checking the options in Leash, and have tried making changes directly to
the krb5.ini file. I have the same problem running kinit -f -r 6d from
the command line. No matter what I do, the tickets are neither
forwardable nor renewable!

I was originally using 2.6.2-post-beta-1-2 (if it ain't broke, don't fix
it) but now have a virgin installation of 2.6.5. For completeness, I
attach the configuration files I'm using.

Any suggestions you might have as to the source of this problem would be
appreciated.

Thanks,
Howard Rubin

fnal.gov FNAL.GOV

[domain_realm]
fnal.gov = FNAL.GOV

[libdefaults]
default_realm = FNAL.GOV
default_tgs_enctypes = des-cbc-crc
default_tkt_enctypes = des-cbc-crc
forwardable = true
proxiable = true
renewable = true

[login]
krb4_convert = true
krb4_get_tickets = false

[realms]
FNAL.GOV = {
admin_server = krb-fnal-admin.fnal.gov
default_domain = fnal.gov
kdc = krb-fnal-1.fnal.gov:88
kdc = krb-fnal-2.fnal.gov:88
kdc = krb-fnal-3.fnal.gov:88
kdc = krb-fnal-4.fnal.gov:88
kdc = krb-fnal-5.fnal.gov:88
kdc = krb-fnal-6.fnal.gov:88
}

FNAL.GOV
FNAL.GOV krb-fnal-1.fnal.gov
FNAL.GOV krb-fnal-2.fnal.gov
FNAL.GOV krb-fnal-3.fnal.gov
FNAL.GOV krb-fnal-4.fnal.gov
FNAL.GOV krb-fnal-5.fnal.gov
FNAL.GOV krb-fnal-6.fnal.gov

________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos