Philippe - Verify that you have the Solaris Encryption Pack software installed. SEAM by default does not include support for encryption for export reasons. http://www.sun.com/solaris/encryption
Also, note that SEAM for Solaris 8 only supports single DES, so if your Win2K KDC is issuing keys with stronger crypto (e.g. 3DES), your SEAM clients and servers wont work. You can request specific encryption types when you create your principals in Win2K, I dont know the exact syntax of the commands but I'm pretty sure it can be done. Microsoft has a white paper on Win2K and Kerberos interoperability, check it out if you havent already: http://www.microsoft.com/windows2000/techinfo/planning/security/kerbsteps.asp Finally, verify that the keytab on the server side contains the correct host principal key so telnetd can properly authenticate the client (host/f.q.d.n @REALM). -Wyllys Philippe Perrin wrote: > Hi all > > We're trying to make SEAM (Solaris 8) work with a Windows 2000 KDC. Here are > the settings : > KDC : Windows 2000 > SEAM Kerberized Telnet Server : Solaris (/usr/krb5/lib/telnetd) > SEAM Kerberized Telnet Client : Solaris (/usr/krb5/bin/telnet) > > Acquiring the TGT works fine (kinit). But when running the telnet client, we > get the following error : > Kerberos V5 refuses authentication because telnetd: krb5_rd_req failed: > Unknown code 2 > > Any idea of what the problem might be ? > > Thanx a lot > > Philippe P > Francois L > >
