On Thursday, August 14, 2003, at 02:50 PM, Wyllys Ingersoll wrote:
That was the version of MIT's kerberos I downloaded.
Im not sure what you mean when you say you are running "version 5.1.3.1".
Not using what comes with Solaris, I installed the MIT over Solaris's kerberos stuff.Are you running the Kerberos code that comes installed with Solaris 9 by default or did you put MIT kerberos on top of a Solaris 9 system and are trying to use MIT Kerberos instead?
Whose pam_krb5 module are you using - Sun's or an open source version?Still using whatever came with Solaris pam.conf.
You *can* put MIT KRB5 on a Solaris 9 system (though the Kerberos thatOn the client box I did try to use Solaris kerberos stuff, but was unable to get kadmin to talk to my KDC. Kept giving me a "realm missmatch" error. So I gave up and installed the MIT stuff, that got my kadmin to talk to my KDC.
comes with S9 is fully compatible with MIT KRB5 and in most cases you
shouldn't need to install MIT), but you must make sure your $PATH variable
is configured so that the MIT binaries are used before the Solaris
binaries.
I installed the MIT kerberos right over Solaris's kerberos stuff.Example: /usr/local/bin/kinit must be found before /usr/bin/kinit in order to use the 3rd party version.
Did that. Plust klist -ke does show my keytab file okay.The Solaris Kerberos code expects the various Kerberos config files and keytab files to be kept in /etc/krb5/ instead of just in /etc which is where MIT expects to find them. Try creating softlinks from the /etc directory to the various files in /etc/krb5 if you are using MIT kerberos.
ln -s /etc/krb5/krb5.keytab /etc/krb5.keytab ln -s /etc/krb5/krb5.conf /etc/krb5.conf
One other suggestion would be to remove the MIT installation from the Solaris 9 systems and use the supported Solaris Kerberos stuff, it will eliminate alot of confusion and mismatches like you are seeing.
Looks like I will try that next. I didn't realize that Solaris 9 had kerberos already installed, just assumed I need to get the MIT version and install it.
-Wyllys------------------------------------------------------------------------ ---------------------------
CJ Keist wrote:Hello,
I'm setting up a test KDC running on Solaris 9. The version I'm running is 5.1.3.1. I have successfully installed and setup my KDC server. I have tested it out on RH9 and everything is working there, as in being authenticated and such. I'm now trying to get kerberos authentication to work on another Solaris 9 box. But am running into problems.
On the Solaris 9 box I have modified the pam.conf file to kerberos, copied the krb5.conf file from my kdc and ran kadmin as follows
kadmin - admin/admin
: ktadd host/machine_name.domain
: quit
When I tried to telnet into the system I got denied, the message in /var/adm/messages on the client box said something about "Bad encryption type". I found on the web to do ktadd the following:
kadmin -p admin/admin
: ktremove host/machine_name.domain
: ktadd -e des-cbc-crc:normal host/machine_name.domain
: quit
This got rid of the "Bad encryption type" error, but I am now getting the following error in the messages file:
"Key table entry not found". I don't know if this is saying that its not finding the machine keytab or my UID on the KDC server? Does anyone have any help here?
Thanks...
C. J. Keist Email: [EMAIL PROTECTED] UNIX/Network Manager Phone: 970-491-0630 Engineering Network Services Fax: 970-491-5569 College of Engineering, CSU Ft. Collins, CO 80523-1301
All I want is a chance to prove 'Money can't buy happiness'"
________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
