On Wed, Sep 10, 2008 at 02:14:19PM -0500, Douglas E. Engert wrote: > Chavez, James R. wrote: > > Doug, Thanks for the reply. > > I am actually using kerberos for authenticating logins through ssh. > > Because I had no DNS entry for this Solaris box I was getting the > > following debug output from pam_krb5. > > > > Aug 26 10:24:21 solaris1.example.com sshd[1147]: [ID 537602 auth.error] > > PAM-KRB5 (auth): krb5_verify_init_creds failed: > > Hostname cannot be canonicalized. > > This sounds like the sshd can not determine its FQDN. A host should > be able to determine its name without DNS.
This is coming from krb5_sname_to_principal(), which is called from krb5_verify_init_creds(), which is called from pam_krb5:pam_sm_authenticate(). Solaris Kerberos specifically requires DNS to be configured. Nico -- ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos