Date: 12 Apr 2004 14:36:33 -0700 From: [EMAIL PROTECTED] (melissa_benkyo) To: [EMAIL PROTECTED] Subject: setup kerberos client Message-ID: <[EMAIL PROTECTED]> Precedence: list Message: 5
Hello all,
its me againnn. :D I'm having trouble setting up a kerberos client on solaris 8. I'm running a kdc on a linux machine. and I want to use gss-server on the linux machine and run gss-client on the solaris machine. is this possible?
steps that I did: 1) add_principal host/<solaris_machine_name>@<REALM.COM> 2) ktadd -k /etc/krb5.keytab host/<solaris_machine_name>@<REALM.COM> 3) ktadd -k </tmp/host.keytab> host/<solaris_machine_name>@<REALM.COM> [to the same thing for sample1/<solaris_machine_name>@REALM.COM> 4) ftp the host.keytab and sample1.keytab to the solaris machine 5) gss-server -port 44444 -verbose sample1 output: GSS-API error acquiring credentials: Miscellaneous failure GSS-API error acquiring credentials: No principal in keytab matches desired name But if I use the sample/<linux_macine> output: GSS-API error acquiring credentials: Wrong rpincipal
solaris client side 6) kinit <kerberos user> (OK!) 7) gss-client -port 44444 sample "hello world"
can someone please tell me what I did wrong?
thanks!
The solaris server error message is what you get if it can't use the keytab. Solaris 8 only supports DES-CBC-CRC and DES-CBC-MD5.
1) Make sure those are the only encryption types for the server principal in on the KDC.
2) Re-create the keytab, making sure the kvno as well as the encryption types match.
I expect the client error is a result of the server error.
------------------------------------------------------------------------ ----
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
[EMAIL PROTECTED], or [EMAIL PROTECTED]
________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos