[cups.general] Kerberos authentication - help needed - take 2

[Rick Cochran]

Erk.  Before I build my own special copy of a sufficiently recent MIT Kerberos 
distribution, I'll be going back to 1st grade to brush up on my reading and 
arithmetic skills.

The version of Kerberos in my up-to-date Leopard machine (via 'strings 
/usr/lib/libkrb5.dylib') is 'krb5-1-6 1.6.2-postrelease'.  My newly polished 
reading and arithmetic skills lead me to believe this means that "credential 
caching/forwarding" will _not_ work for CUPS under Leopard.

Please let me know if I have missed the mark yet again.

Yours,
-Rick

Michael R Sweet wrote:
> Rick Cochran wrote:
>> ...
>>> Also, you need to use either Heimdal Kerberos or a new enough version
>>> of MIT Kerberos (1.6.3 or higher) to get credential caching/forwarding
>>> to work.
>> I have krb5-libs-1.6.1-17.el5_1.1 on my client workstation, and 
>> krb5-libs-1.3.4-54.el4_6.1 on my server.
> 
> Those are too old and will *not* work.
> 
>> ...
>> Additionally, Kerberos works with the cupsctl command _only_ when it is executed 
>> on the server.  It does not work when the cupsctl command is executed from the 
>> client.  Is this because the server is using too old a version of MIT Kerberos? 
>>   If so, then that could explain everything.
> 
> That's very likely, and both the client and server's versions of
> Kerberos are too old...
>