howdy,

We pretty much require DNS and in fact mech_krb5.so links directly against
libresolv.so to bypass the NameSvcSwitch to assure a FQDN is returned.
And I think the RPCSEC_GSS svc name error msgs you are seeing are
indicative of that requirement.

thx...glenn

Edd wrote:
> Hi,
>
> I am following the instructions here to set up a primary kdc:
> http://docs.sun.com/app/docs/doc/816-4557/setup-9?a=view
>
> Essentially this meant executing:
> kdcmgr -a edd/admin -r MYDOMAIN create master
>
> My current naming service is NIS (domain name = mydomain), but the hosts map
> is empty. This machine can look its own name up via /etc/hosts:
> x.x.x.x testnis.mydomain testnis loghost
>
> I plan to add DNS later. But let's keep it simple for now.
>
> After doing so svcs -x will show complaints:
>
> # svcs -x
> svc:/network/security/kadmin:default (Kerberos administration daemon)
> State: offline since Tue May 06 07:10:47 2008
> Reason: Start method is running.
> See: http://sun.com/msg/SMF-8000-C4
> See: kadmind(1M)
> See: /var/svc/log/network-security-kadmin:default.log
> Impact: This service is not running.
>
> I took some debugging steps to see what was going on:
>
> # tail -f /var/svc/log/network-security-kadmin:default.log
> [ May 6 07:27:26 Executing start method ("/lib/svc/method/svc-kdc.master"). ]
> [ May 6 07:27:30 Method "start" exited with status 0. ]
> [ May 6 07:27:30 Stopping because all processes in service exited. ]
> [ May 6 07:27:30 Executing stop method (:kill). ]
> [ May 6 07:27:30 Executing start method ("/lib/svc/method/svc-kdc.master"). ]
> [ May 6 07:27:35 Method "start" exited with status 0. ]
> [ May 6 07:27:35 Stopping because all processes in service exited. ]
> [ May 6 07:27:35 Executing stop method (:kill). ]
>
>
> # tail -f kdc.log
> May 06 07:25:57 testnis kadmind[2073](Error): Unable to set RPCSEC_GSS
> service name (`kiprop at testnis.mydomain'), failing.
> May 06 07:26:02 testnis kadmind[2076](info): No dictionary file specified,
> continuing without one.
> May 06 07:26:02 testnis kadmind[2077](Error): Unable to set RPCSEC_GSS
> service name (`kiprop at testnis.mydomain'), failing.
> May 06 07:26:07 testnis kadmind[2080](info): No dictionary file specified,
> continuing without one.
> May 06 07:26:07 testnis kadmind[2081](Error): Unable to set RPCSEC_GSS
> service name (`kiprop at testnis.mydomain'), failing.
>
> # ktutil
> ktutil: rkt kadm5.keytab
> ktutil: list
> slot KVNO Principal
> ---- ----
> ---------------------------------------------------------------------
> 1 3 kadmin/testnis.mydomain at MYDOMAIN
> 2 3 kadmin/testnis.mydomain at MYDOMAIN
> 3 3 kadmin/testnis.mydomain at MYDOMAIN
> 4 3 kadmin/testnis.mydomain at MYDOMAIN
> 5 3 kadmin/testnis.mydomain at MYDOMAIN
> 6 3 changepw/testnis.mydomain at MYDOMAIN
> 7 3 changepw/testnis.mydomain at MYDOMAIN
> 8 3 changepw/testnis.mydomain at MYDOMAIN
> 9 3 changepw/testnis.mydomain at MYDOMAIN
> 10 3 changepw/testnis.mydomain at MYDOMAIN
> 11 3 kadmin/changepw at MYDOMAIN
> 12 3 kadmin/changepw at MYDOMAIN
> 13 3 kadmin/changepw at MYDOMAIN
> 14 3 kadmin/changepw at MYDOMAIN
> 15 3 kadmin/changepw at MYDOMAIN
> 16 3 kiprop/testnis.mydomain at MYDOMAIN
> 17 3 kiprop/testnis.mydomain at MYDOMAIN
> 18 3 kiprop/testnis.mydomain at MYDOMAIN
> 19 3 kiprop/testnis.mydomain at MYDOMAIN
> 20 3 kiprop/testnis.mydomain at MYDOMAIN
>
> Does anyone have any ideas what this means?
>
> SunOS testnis 5.11 snv_85 i86pc i386 i86pc
>
> Thanks
> --
> This message posted from opensolaris.org
> _______________________________________________
> kerberos-discuss mailing list
> kerberos-discuss at opensolaris.org
> http://mail.opensolaris.org/mailman/listinfo/kerberos-discuss
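
A pre-flight check for the situation in this thread, added here as an example and not taken from either post or from Solaris itself. It assumes, per the reply above, that the Kerberos mechanism resolves the host name through DNS only, and it flags a host whose FQDN is known only to /etc/hosts; the function names, verdict strings and the sample address are constructed for illustration.

```shell
#!/bin/sh
# Added example: static pre-flight check before configuring a master KDC.
# Assumption (from the reply): the GSS mechanism bypasses the name service
# switch and asks DNS directly, so an /etc/hosts or NIS entry is not enough.

# has_nameserver FILE -> 0 if the resolv.conf-style FILE lists a nameserver
has_nameserver() {
    [ -r "$1" ] && grep -Eq '^[[:space:]]*nameserver[[:space:]]+[^[:space:]]+' "$1"
}

# in_hosts_file NAME FILE -> 0 if NAME is a canonical name or alias in FILE
in_hosts_file() {
    awk -v n="$1" '
        { sub(/#.*/, "") }                      # drop comments
        { for (i = 2; i <= NF; i++) if (tolower($i) == tolower(n)) found = 1 }
        END { exit found ? 0 : 1 }' "$2"
}

# is_fqdn NAME -> 0 if NAME has a host label and at least one domain label
is_fqdn() {
    case "$1" in
        .*|*.|*..*) return 1 ;;
        *.*) return 0 ;;
        *) return 1 ;;
    esac
}

# classify NAME HOSTS_FILE RESOLV_FILE -> prints one verdict word
classify() {
    if ! is_fqdn "$1"; then echo not-fqdn
    elif has_nameserver "$3"; then echo dns-configured
    elif in_hosts_file "$1" "$2"; then echo hosts-only   # the case in the post
    else echo unresolvable
    fi
}

# Constructed sample mirroring the post: name in /etc/hosts, no resolver set up.
demo() {
    d=$(mktemp -d)
    printf '192.0.2.10 testnis.mydomain testnis loghost\n' > "$d/hosts"
    : > "$d/resolv.conf"
    classify testnis.mydomain "$d/hosts" "$d/resolv.conf"
    rm -rf "$d"
}
demo   # prints: hosts-only
```

A `dns-configured` verdict only means a resolver is listed; the zone still has to return the FQDN, so follow it with a direct DNS query for the name.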