On Sep 16, 2009, at 10:35 AM, Mark Phalan wrote: > On 09/16/09 07:20 PM, Henry B. Hotz wrote: >> I admit my motivation is from Solaris 10 experiences. Hope I'm not >> too >> off-topic. >> >> I have three "example" machines that interact with a Heimdal kdc very >> differently. Two of them should be identical: Jumpstarted at the >> same >> time, and have the same krb5.conf. No differences I've seen in the >> SMF >> configuration, though I haven't done a global compare. They both >> "work", but one of them always spits out e.g.: >> >> % kdestroy >> localhost: RPC: Rpcbind failure - RPC: Success >> >> while the other is silent (as expected). >> > > Whats the state of svc:/network/security/ktkt_warn on those machines?
jplit-int-krb01.jpl.nasa.gov% svcs ktkt_warn STATE STIME FMRI online Aug_20 svc:/network/security/ktkt_warn:default jplit-int-krb01.jpl.nasa.gov% exit --- jplit-int-krb02.jpl.nasa.gov% svcs ktkt_warn STATE STIME FMRI online Jun_18 svc:/network/security/ktkt_warn:default >> A third machine won't do timestamp pre-auth. It sends an AS-REQ, >> gets >> the pre-auth-required response, and just quits. (It works fine if I >> point it at a KDC that doesn't require pre-auth.) > > Does truss tell you anything? I'll check. > -M ------------------------------------------------------ The opinions expressed in this message are mine, not those of Caltech, JPL, NASA, or the US Government. Henry.B.Hotz at jpl.nasa.gov, or hbhotz at oxy.edu
