There are two possibilities that I see, there may be others. First - You have firewall turned on enough that it isn't working with kerberos. But to be honest, I thought that in S.L. 4.x the firewall was working good enough that that isn't a problem. Or, there might be a firewall somewhere between you and the Fermilab KDC's. Second - You have java's kinit in your path somewhere. Do a which kinit to see which one you are really using. Troy Alex Finch wrote: > Does any one have an idea why kinit does not work on SL 4.2 but does > on 3.0.3? On 4.2 it just hangs, putting -V gives no output. > > > I have the same configuration file in /etc/krb5.conf on both machines > which I append here. I got it from a D0 colleague and it has worked ok > for a few years. > > > # krb5conf v1_5 with afs on node d-002577dcg.dhcp.fnal.gov automatic > update 31Aug2001 > ### > ### This krb5.conf template is intended for use with Fermi > ### Kerberos v1_2 and later. Earlier versions may choke on the > ### "auth_to_local = " lines unless they are commented out. > ### The installation process should do all the right things in > ### any case, but if you are reading this and haven't updated > ### your kerberos product to v1_2 or later, you really should! > ### > [libdefaults] > ticket_lifetime = 1560 > default_realm = FNAL.GOV > checksum_type = 1 > ccache_type = 2 > default_tgs_enctypes = des-cbc-crc > default_tkt_enctypes = des-cbc-crc > > [realms] > PILOT.FNAL.GOV = { > kdc = krb-pilot-1.fnal.gov:88 > kdc = krb-pilot-3.fnal.gov:88 > kdc = krb-pilot-4.fnal.gov:88 > kdc = krb-pilot-5.fnal.gov:88 > admin_server = krb-pilot-admin.fnal.gov > default_domain = fnal.gov > # auth_to_local = RULE:[1:$1@$0](.*@FNAL\.GOV)[log in to unmask]*// > auth_to_local = DEFAULT > } > FNAL.GOV = { > kdc = krb-fnal-1.fnal.gov:88 > kdc = krb-fnal-2.fnal.gov:88 > kdc = krb-fnal-3.fnal.gov:88 > kdc = krb-fnal-4.fnal.gov:88 > kdc = krb-fnal-5.fnal.gov:88 > kdc = krb-fnal-6.fnal.gov:88 > admin_server = krb-fnal-admin.fnal.gov > default_domain = fnal.gov > # auth_to_local = RULE:[1:$1@$0](.*@PILOT\.FNAL\.GOV)[log in to unmask]*// > auth_to_local = DEFAULT > } > WIN.FNAL.GOV = { > kdc = newpckits.fnal.gov:88 > admin_server = newpckits.fnal.gov > default_domain = fnal.gov > } > > [instancemapping] > afs = { > cron/* = "" > cms/* = "" > } > > [domain_realm] > .minos-soudan.org = FNAL.GOV > d-002577dcg.dhcp.fnal.gov = FNAL.GOV > fsus01.fnal.gov = FNAL.GOV > fsus03.fnal.gov = FNAL.GOV > fsus04.fnal.gov = FNAL.GOV > c243580-a.wheaton1.il.home.com = FNAL.GOV > > # The whole "top half" is replaced during "ups installAsRoot krb5conf", so: > # It would probably be a bad idea to change anything on or above this line > > # If you need to add any .domains or hosts, put them here > [domain_realm] > .ts.infn.it = PILOT.FNAL.GOV > .pi.infn.it = PILOT.FNAL.GOV > .physics.lsa.umich.edu = PILOT.FNAL.GOV > .phys.ttu.edu = PILOT.FNAL.GOV > > [logging] > default = SYSLOG:ERR:AUTH > > [appdefaults] > default_lifetime = 7d > retain_ccache = false > autologin = true > forward = true > forwardable = true > renewable = true > encrypt = true > krb5_aklog_path = /usr/krb5/bin/aklog > > telnet = { > } > > rcp = { > forward = false > encrypt = false > allow_fallback = true > } > > rsh = { > allow_fallback = true > } > > rlogin = { > allow_fallback = false > } > > > login = { > forwardable = true > krb5_run_aklog = true > krb5_get_tickets = true > krb4_get_tickets = false > krb4_convert = false > } > > kinit = { > forwardable = true > krb5_run_aklog = true > } > > rshd = { > krb5_run_aklog = true > } > > ftpd = { > krb5_run_aklog = true > default_lifetime = 6h > } > > [pam] > debug = false > ticket_lifetime = 100000 > renew_lifetime = 100000 > forwardable = true > krb4_convert = true > afs_cells = fnal.gov -- __________________________________________________ Troy Dawson [log in to unmask] (630)840-6468 Fermilab ComputingDivision/CSS CSI Group __________________________________________________