[cups.general] Kerberos authentication - help needed - take 2
Rick Cochran
rcc2 at cornell.edu
Wed Aug 13 09:02:45 PDT 2008
Erk. Before I build my own special copy of a sufficiently recent MIT Kerberos
distribution, I'll be going back to 1st grade to brush up on my reading and
arithmetic skills.
The version of Kerberos in my up-to-date Leopard machine (via 'strings
/usr/lib/libkrb5.dylib') is 'krb5-1-6 1.6.2-postrelease'. My newly polished
reading and arithmetic skills lead me to believe this means that "credential
caching/forwarding" will _not_ work for CUPS under Leopard.
Please let me know if I have missed the mark yet again.
Yours,
-Rick
Michael R Sweet wrote:
> Rick Cochran wrote:
>> ...
>>> Also, you need to use either Heimdal Kerberos or a new enough version
>>> of MIT Kerberos (1.6.3 or higher) to get credential caching/forwarding
>>> to work.
>> I have krb5-libs-1.6.1-17.el5_1.1 on my client workstation, and
>> krb5-libs-1.3.4-54.el4_6.1 on my server.
>
> Those are too old and will *not* work.
>
>> ...
>> Additionally, Kerberos works with the cupsctl command _only_ when it is executed
>> on the server. It does not work when the cupsctl command is executed from the
>> client. Is this because the server is using too old a version of MIT Kerberos?
>> If so, then that could explain everything.
>
> That's very likely, and both the client and server's versions of
> Kerberos are too old...
>
More information about the cups
mailing list