I've made all the tweaks suggested, and all the ones that I could think of, and I'm still getting the same message.
This is SXCE sNVb123 in case that matters. I've tried to capture all the info I think might matter below. Any ideas where this is going wrong? I'm following p394-398 of the Open Solaris 'System Administration Guide: Security Services' document. I can't get past the bottom of p396. > root at keymaster:/etc/krb5# > hostname > > > keymaster > root at keymaster:/etc/krb5# cat > /etc/nodename > > > keymaster > root at keymaster:/etc/krb5# cat > /etc/hostname.bge1 > > > keymaster-bge1 > root at keymaster:/etc/krb5# cat > /etc/hostname.e1000g0 > > > keymaster-e1000g0 > root at keymaster:/etc/krb5# cat > /etc/hosts > > > # CDDL HEADER START > # > # The contents of this file are subject to the terms of the > # Common Development and Distribution License (the "License"). > # You may not use this file except in compliance with the License. > # > # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE > # or http://www.opensolaris.org/os/licensing. > # See the License for the specific language governing permissions > # and limitations under the License. > # > # When distributing Covered Code, include this CDDL HEADER in each > # file and include the License file at usr/src/OPENSOLARIS.LICENSE. > # If applicable, add the following below this CDDL HEADER, with the > # fields enclosed by brackets "[]" replaced with your own identifying > # information: Portions Copyright [yyyy] [name of copyright owner] > # > # CDDL HEADER END > # > # Copyright 2006 Sun Microsystems, Inc. All rights reserved. > # Use is subject to license terms. 
> # > # ident "%Z%%M% %I% %E% SMI" > # > # Internet host table > # > ::1 localhost loghost > 127.0.0.1 localhost loghost > 172.30.171.20 keymaster keymaster.releng.egenera.com > keymaster-bge1 > 172.30.172.20 keymaster keymaster.releng.egenera.com > keymaster-e1000g0 > root at keymaster:/etc/krb5# cat > krb5.conf > > > # > # CDDL HEADER START > # > # The contents of this file are subject to the terms of the > # Common Development and Distribution License (the "License"). > # You may not use this file except in compliance with the License. > # > # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE > # or http://www.opensolaris.org/os/licensing. > # See the License for the specific language governing permissions > # and limitations under the License. > # > # When distributing Covered Code, include this CDDL HEADER in each > # file and include the License file at usr/src/OPENSOLARIS.LICENSE. > # If applicable, add the following below this CDDL HEADER, with the > # fields enclosed by brackets "[]" replaced with your own identifying > # information: Portions Copyright [yyyy] [name of copyright owner] > # > # CDDL HEADER END > # > # > # Copyright 2007 Sun Microsystems, Inc. All rights reserved. > # Use is subject to license terms. > # > # ident "@(#)krb5.conf 1.5 07/08/06 SMI" > # > > # krb5.conf template > # In order to complete this configuration file > # you will need to replace the __<name>__ placeholders > # with appropriate values for your network and uncomment the > # appropriate entries. > # > [libdefaults] > default_realm = RELENG.EGENERA.COM > > [realms] > RELENG.EGENERA.COM = { > kdc = kdc0.releng.egenera.com > # kdc = KDC1.RelEng.Egenera.COM > # kdc = KDC2.RelEng.Egenera.COM > # kdc = KDC3.RelEng.Egenera.COM > admin_server = kdc0.releng.egenera.com > } > > [domain_realm] > .releng.egenera.com = RELENG.EGENERA.COM > > [logging] > default = FILE:/var/krb5/kdc.log > kdc = FILE:/var/krb5/kdc.log > kdc_rotate = { > > # How often to rotate kdc.log. 
Logs will get rotated no more > # often than the period, and less often if the KDC is not used > # frequently. > > period = 1d > > # how many versions of kdc.log to keep around (kdc.log.0, kdc.log.1, ...) > > versions = 10 > } > > [appdefaults] > kinit = { > renewable = true > forwardable= true > } > gkadmin = { > help_url = > http://docs.sun.com:80/ab2/coll.384.1/SEAM/@AB2PageView/1195 > } > root at keymaster:/etc/krb5# cat > kdc.conf > > > # > # CDDL HEADER START > # > # The contents of this file are subject to the terms of the > # Common Development and Distribution License, Version 1.0 only > # (the "License"). You may not use this file except in compliance > # with the License. > # > # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE > # or http://www.opensolaris.org/os/licensing. > # See the License for the specific language governing permissions > # and limitations under the License. > # > # When distributing Covered Code, include this CDDL HEADER in each > # file and include the License file at usr/src/OPENSOLARIS.LICENSE. > # If applicable, add the following below this CDDL HEADER, with the > # fields enclosed by brackets "[]" replaced with your own identifying > # information: Portions Copyright [yyyy] [name of copyright owner] > # > # CDDL HEADER END > # > # > # Copyright 1998-2002 Sun Microsystems, Inc. All rights reserved. > # Use is subject to license terms. > # > #ident "@(#)kdc.conf 1.3 05/06/08 SMI" > > [kdcdefaults] > kdc_ports = 88,750 > > [realms] > RELENG.EGENERA.COM = { > profile = /etc/krb5/krb5.conf > database_name = /var/krb5/principal > admin_keytab = /etc/krb5/kadm5.keytab > acl_file = /etc/krb5/kadm5.acl > kadmind_port = 749 > max_life = 8h 0m 0s > max_renewable_life = 7d 0h 0m 0s > default_principal_flags = +preauth > sunw_dbprop_enable = true > sunw_dbprop_master_ulogsize = 1000 > } > root at keymaster:/etc/krb5# cat > kadm5.acl > > > # > # Copyright 2005 Sun Microsystems, Inc. All rights reserved. 
> # Use is subject to license terms. > # > # CDDL HEADER START > # > # The contents of this file are subject to the terms of the > # Common Development and Distribution License, Version 1.0 only > # (the "License"). You may not use this file except in compliance > # with the License. > # > # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE > # or http://www.opensolaris.org/os/licensing. > # See the License for the specific language governing permissions > # and limitations under the License. > # > # When distributing Covered Code, include this CDDL HEADER in each > # file and include the License file at usr/src/OPENSOLARIS.LICENSE. > # If applicable, add the following below this CDDL HEADER, with the > # fields enclosed by brackets "[]" replaced with your own identifying > # information: Portions Copyright [yyyy] [name of copyright owner] > # > # CDDL HEADER END > # > #pragma ident "@(#)kadm5.acl 1.2 05/06/08 SMI" > > */admin at RELENG.EGENERA.COM * > #kiprop/kdc0.releng.egenera.com at RELENG.EGENERA.COM > #kiprop/kdc1.releng.egenera.com at RELENG.EGENERA.COM > #kiprop/kdc2.releng.egenera.com at RELENG.EGENERA.COM > #kiprop/kdc3.releng.egenera.com at RELENG.EGENERA.COM > > root at keymaster:/etc/krb5# tail > /var/krb5/kdc.log > > > Oct 07 14:08:08 keymaster kadmind[963](Error): Unable to set > RPCSEC_GSS service name (`kiprop at kdc0.releng.egenera.com'), failing. > Oct 07 14:08:08 keymaster kadmind[964](info): No dictionary file > specified, continuing without one. > Oct 07 14:08:08 keymaster kadmind[965](Error): Unable to set > RPCSEC_GSS service name (`kiprop at kdc0.releng.egenera.com'), failing. > Oct 07 14:08:08 keymaster kadmind[966](info): No dictionary file > specified, continuing without one. > Oct 07 14:08:08 keymaster kadmind[967](Error): Unable to set > RPCSEC_GSS service name (`kiprop at kdc0.releng.egenera.com'), failing. > Oct 07 14:08:08 keymaster kadmind[968](info): No dictionary file > specified, continuing without one. 
> Oct 07 14:08:08 keymaster kadmind[969](Error): Unable to set > RPCSEC_GSS service name (`kiprop at kdc0.releng.egenera.com'), failing. > Oct 07 14:08:09 keymaster kadmind[970](info): No dictionary file > specified, continuing without one. > Oct 07 14:08:09 keymaster kadmind[971](Error): Unable to set > RPCSEC_GSS service name (`kiprop at kdc0.releng.egenera.com'), failing. > Oct 07 14:09:09 keymaster kadmin.local[978](info): No dictionary file > specified, continuing without one. > root at keymaster:/etc/krb5# dig > keymaster.releng.egenera.com > > > > ; <<>> DiG 9.6.1-P1 <<>> keymaster.releng.egenera.com > ;; global options: +cmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 507 > ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 3, ADDITIONAL: 6 > > ;; QUESTION SECTION: > ;keymaster.releng.egenera.com. IN A > > ;; ANSWER SECTION: > keymaster.releng.egenera.com. 600 IN A 172.30.172.20 > keymaster.releng.egenera.com. 600 IN A 172.30.171.20 > > ;; AUTHORITY SECTION: > releng.egenera.com. 600 IN NS DNS2.releng.egenera.com. > releng.egenera.com. 600 IN NS DNS3.releng.egenera.com. > releng.egenera.com. 600 IN NS DNS1.releng.egenera.com. > > ;; ADDITIONAL SECTION: > DNS1.releng.egenera.com. 600 IN A 172.30.172.81 > DNS1.releng.egenera.com. 600 IN A 172.30.171.81 > DNS2.releng.egenera.com. 600 IN A 172.30.172.82 > DNS2.releng.egenera.com. 600 IN A 172.30.171.82 > DNS3.releng.egenera.com. 600 IN A 172.30.172.83 > DNS3.releng.egenera.com. 600 IN A 172.30.171.83 > > ;; Query time: 2 msec > ;; SERVER: 172.30.171.81#53(172.30.171.81) > ;; WHEN: Wed Oct 7 14:21:33 2009 > ;; MSG SIZE rcvd: 231 > > root at keymaster:/etc/krb5# dig > kdc0.releng.egenera.com > > > > ; <<>> DiG 9.6.1-P1 <<>> kdc0.releng.egenera.com > ;; global options: +cmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 314 > ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 3, ADDITIONAL: 6 > > ;; QUESTION SECTION: > ;kdc0.releng.egenera.com. 
IN A > > ;; ANSWER SECTION: > kdc0.releng.egenera.com. 600 IN CNAME > KeyMaster.releng.egenera.com. > KeyMaster.releng.egenera.com. 600 IN A 172.30.171.20 > KeyMaster.releng.egenera.com. 600 IN A 172.30.172.20 > > ;; AUTHORITY SECTION: > releng.egenera.com. 600 IN NS DNS1.releng.egenera.com. > releng.egenera.com. 600 IN NS DNS2.releng.egenera.com. > releng.egenera.com. 600 IN NS DNS3.releng.egenera.com. > > ;; ADDITIONAL SECTION: > DNS1.releng.egenera.com. 600 IN A 172.30.172.81 > DNS1.releng.egenera.com. 600 IN A 172.30.171.81 > DNS2.releng.egenera.com. 600 IN A 172.30.172.82 > DNS2.releng.egenera.com. 600 IN A 172.30.171.82 > DNS3.releng.egenera.com. 600 IN A 172.30.172.83 > DNS3.releng.egenera.com. 600 IN A 172.30.171.83 > > ;; Query time: 1 msec > ;; SERVER: 172.30.171.81#53(172.30.171.81) > ;; WHEN: Wed Oct 7 14:21:46 2009 > ;; MSG SIZE rcvd: 250 > > root at keymaster:/etc/krb5#