Matthew Wronkowski wrote: > We were unable to get Solaris 2.9 clients to authenticate with our MIT kerberos > server. We ended up installing MIT kerberos on the clients and uninstalling the > Solaris kerberos packages. I'm not sure if this is normal or if other people > have similar experiences. Our environment is extremely heterogeneous so we > normally ignore vendors kerberos implementations and use MIT instead. To note, > our kdc was running NetBSD 1.5 with krb 1.2.2. Solaris 2.9 clients use 1.2.5. > > Matthew
Isn't *BSD bundled with Heimdal ? I've seen that Solaris (and, perhaps, MIT, too) can't read keytabs created with Heimdal # /usr/heimdal/sbin/ktutil list FILE:/etc/krb5.keytab: Vno Type Principal 1 des-cbc-crc host/host@REALM 1 des-cbc-md4 host/host@REALM 1 des-cbc-md5 host/host@REALM 1 des3-cbc-sha1 host/host@REALM # ktutil ktutil: ? Available ktutil requests: clear_list, clear Clear the current keylist. read_kt, rkt Read a krb5 keytab into the current keylist. read_st, rst Read a krb4 srvtab into the current keylist. write_kt, wkt Write the current keylist to a krb5 keytab. write_st, wst Write the current keylist to a krb4 srvtab. delete_entry, delent Delete an entry from the current keylist. list, l List the current keylist. list_requests, lr, ? List available requests. quit, exit, q Exit program. ktutil: rkt /etc/krb5.keytab ktutil: list slot KVNO Principal ---- ---- -------------------------------------------------------------------------- 1 1 host/host@REALM 2 1 host/host@REALM 3 1 host/host@REALM 4 1 host/host@REALM Gintas ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
