On 10/ 8/09 02:18 AM, Kyle McDonald wrote:
> Will Fiveash wrote:
>> On Wed, Oct 07, 2009 at 11:27:43PM +0200, Mark Phalan wrote:
>>
>>> On 7 Oct 2009, at 22:56, Kyle McDonald <KMcDonald at Egenera.COM> wrote:
>>>
>>>> Kyle McDonald wrote:
>>>>
>>>>> Ok. I was following the instructions for manually configuring a
>>>>> master KDC at:
>>>>>
>>>>> http://docs.sun.com/app/docs/doc/816-4557/setup-1?l=en&a=view
>>>>>
>>>>> Ah HA! I missed step 6c. on my way back through the directions.
>>>>> Thanks!
>>>>>
>>>> Wait, I didn't miss step 6c. Well I did, but only because it wasn't
>>>> there. ;)
>>>>
>>>> The link above is from the doc you linked to, the S10 HTML version
>>>> of the book I've been reading.
>>>> But I've been reading the _OpenSolaris_ PDF version of the book, and
>>>> step 6c - Writing out all the keys to the keytab file is missing
>>>> entirely from the OS version of this book.
>>>>
>>>> So is this a Documentation bug?
>>>>
>>> No, on OpenSolaris it's not necessary to add the entries to the
>>> keytab - it can read the key information it needs directly from the
>>> kdb. On S10 it *is* necessary.
>>>
>>
>> Ah, I forgot about that. Thanks for the reminder. Kyle, forget about
>> what I wrote about the kiprop entries in kadm5.keytab.
>>
> Then why did the whole problem go away once I did write all the keys
> to the keytab file?
>
> Is there some other bug here?
>

So I investigated this a bit more. kadmind also complained to me about
not being able to set the RPCSEC_GSS service names. After looking at
truss output it became clear what the problem was - there was no
/etc/gss/mech file present in the local zone. It looks like SUNWkdc is
missing a dependency on SUNWgssc. Once SUNWgssc was installed I was able
to start kadmind without any kadm5.keytab in the local ipkg zone.

$ pkg contents -t depend -o fmri SUNWkdc
FMRI
SUNWcs@0.5.11-0.122
SUNWcsl@0.5.11-0.122
SUNWgss@0.5.11-0.122
SUNWkrb@0.5.11-0.122
SUNWlldap@0.5.11-0.122
SUNWrsg@0.5.11-0.122
SUNWsmbs@0.5.11-0.122
$

I'll open a bug for this shortly. This problem shows up in local zones
because SUNWgssc isn't installed by default when installing a local zone.

Certainly apart from this issue everything seems to be working fine for
me on opensolaris 122. Could you have been hitting this problem?

-M
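
The two conditions diagnosed in the message above can be checked before starting kadmind in a new zone. This is an added example, not part of the original thread: the function names are hypothetical, the sample listing is constructed from the package names quoted in the message, and the `kerberos_v5` mechanism name is an assumption about the usual contents of /etc/gss/mech.

```shell
#!/bin/sh
# Added example: pre-flight checks for a KDC zone. Function names and the
# sample data below are constructed for illustration.

# Read `pkg contents -t depend -o fmri <pkg>` output on stdin and print
# every package named in the arguments that is NOT listed as a dependency.
missing_deps() {
    awk -v want="$*" '
        NR > 1 {                       # line 1 is the "FMRI" column header
            sub(/^pkg:\/+/, "", $1)    # tolerate a pkg:/ scheme prefix
            sub(/@.*/, "", $1)         # drop the version after "@"
            have[$1] = 1
        }
        END {
            n = split(want, w, " ")
            for (i = 1; i <= n; i++)
                if (!(w[i] in have)) print w[i]
        }'
}

# Succeed only if the GSS-API mechanism file ($1) is readable and carries
# an uncommented kerberos_v5 entry (mechanism name is an assumption).
mech_has_krb5() {
    [ -r "$1" ] || return 1
    awk '$1 == "kerberos_v5" { found = 1 } END { exit !found }' "$1"
}

# Constructed sample: the dependency list reported for SUNWkdc.
SAMPLE_DEPENDS='FMRI
SUNWcs@0.5.11-0.122
SUNWcsl@0.5.11-0.122
SUNWgss@0.5.11-0.122
SUNWkrb@0.5.11-0.122
SUNWlldap@0.5.11-0.122
SUNWrsg@0.5.11-0.122
SUNWsmbs@0.5.11-0.122'

# SUNWgss is declared, SUNWgssc is not, so only the latter is reported.
printf '%s\n' "$SAMPLE_DEPENDS" | missing_deps SUNWgss SUNWgssc
```

Inside the zone, pipe the real `pkg contents -t depend -o fmri SUNWkdc` output into `missing_deps SUNWgssc` and run `mech_has_krb5 /etc/gss/mech`.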