On 10/ 8/09 04:09 PM, Mark Phalan wrote: > On 10/ 8/09 02:18 AM, Kyle McDonald wrote: >> Will Fiveash wrote: >>> On Wed, Oct 07, 2009 at 11:27:43PM +0200, Mark Phalan wrote: >>> >>>> On 7 Oct 2009, at 22:56, Kyle McDonald <KMcDonald at Egenera.COM> wrote: >>>> >>>> >>>>> Kyle McDonald wrote: >>>>> >>>>>> Ok. I was following the instructions for manually configuring a >>>>>> master KDC at: >>>>>> >>>>>> http://docs.sun.com/app/docs/doc/816-4557/setup-1?l=en&a=view >>>>>> >>>>>> Ah HA! I missed step 6c. on my way back through the directions. >>>>>> Thanks! >>>>>> >>>>>> >>>>> Wait, I didn't miss step 6c. Well I did, but only because it wasn't >>>>> there. ;) >>>>> >>>>> The link above is from the doc you linked to, the S10 HTML version >>>>> of the book I've been reading. >>>>> But I've been reading the _OpenSolaris_ PDF version of the book, >>>>> and step 6c - Writing out all the keys to the keytab file is >>>>> missing entirely from the OS version of this book. >>>>> >>>>> So is this a Documentation bug? >>>>> >>>> No, on OpenSolaris it's not necessary to add the entries to the >>>> keytab - it can read the key information it needs directly from the >>>> kdb. On S10 it *is* necessary. >>>> >>> >>> Ah, I forgot about that. Thanks for the reminder. Kyle, forget about >>> what I wrote about the kiprop entries in kadm5.keytab. >>> >>> >> Then why did the whole problem go away once I did write the all the >> keys to the keytab file? >> >> Is there some other bug here? >> > > So I investigated this a bit more. kadmind also complained to me about > not being able to set the RPCSEC_GSS service names. After looking at > truss output it became clear what the problem was - there was no > /etc/gss/mech file present in the local zone. It looks like SUNWkdc is > missing a dependency on SUNWgssc. Once SUNWgssc was installed I was able > to start kadmind without any kadm5.keytab in the local ipkg zone. > > $ pkg contents -t depend -o fmri SUNWkdc > FMRI > SUNWcs at 0.5.11-0.122 > SUNWcsl at 0.5.11-0.122 > SUNWgss at 0.5.11-0.122 > SUNWkrb at 0.5.11-0.122 > SUNWlldap at 0.5.11-0.122 > SUNWrsg at 0.5.11-0.122 > SUNWsmbs at 0.5.11-0.122 > $ > > I'll open a bug for this shortly.
Actually probably the dependency should be from SUNWkrb. In Nevada SUNWkrbu depends on SUNWgssc but in OpenSolaris SUNWkrb doesn't depend on SUNWgssc. -M
