Im not sure what you mean when you say you are running "version 5.1.3.1".
Are you running the Kerberos code that comes installed with Solaris 9 by default or did you put MIT kerberos on top of a Solaris 9 system and are trying to use MIT Kerberos instead?
Whose pam_krb5 module are you using - Sun's or an open source version?
You *can* put MIT KRB5 on a Solaris 9 system (though the Kerberos that comes with S9 is fully compatible with MIT KRB5 and in most cases you shouldn't need to install MIT), but you must make sure your $PATH variable is configured so that the MIT binaries are used before the Solaris binaries.
Example: /usr/local/bin/kinit must be found before /usr/bin/kinit in order to use the 3rd party version.
The Solaris Kerberos code expects the various Kerberos config files and keytab files to be kept in /etc/krb5/ instead of just in /etc which is where MIT expects to find them. Try creating softlinks from the /etc directory to the various files in /etc/krb5 if you are using MIT kerberos.
ln -s /etc/krb5/krb5.keytab /etc/krb5.keytab ln -s /etc/krb5/krb5.conf /etc/krb5.conf
One other suggestion would be to remove the MIT installation from the Solaris 9 systems and use the supported Solaris Kerberos stuff, it will eliminate alot of confusion and mismatches like you are seeing.
-Wyllys
CJ Keist wrote:
Hello,
I'm setting up a test KDC running on Solaris 9. The version I'm running is 5.1.3.1. I have successfully installed and setup my KDC server. I have tested it out on RH9 and everything is working there, as in being authenticated and such. I'm now trying to get kerberos authentication to work on another Solaris 9 box. But am running into problems.
On the Solaris 9 box I have modified the pam.conf file to kerberos, copied the krb5.conf file from my kdc and ran kadmin as follows
kadmin - admin/admin : ktadd host/machine_name.domain : quit
When I tried to telnet into the system I got denied, the message in /var/adm/messages on the client box said something about "Bad encryption type". I found on the web to do ktadd the following:
kadmin -p admin/admin : ktremove host/machine_name.domain : ktadd -e des-cbc-crc:normal host/machine_name.domain : quit
This got rid of the "Bad encryption type" error, but I am now getting the following error in the messages file:
"Key table entry not found". I don't know if this is saying that its not finding the machine keytab or my UID on the KDC server? Does anyone have any help here?
Thanks...
________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
