Hi: Please forgive my newbie question - I'm just now teaching myself kerberos concepts.
I've just successfully created a proof of concept kerberos domain, and successfully configured a rhel 4.6 linux to authenticate to it, in that I can log into the redhat host, do a kinit, klist, etc. Now I'm trying to similarly configure a solaris host. I've created a host principle, loaded the machine's keytab, and once I've logged in via a non-kerberos account, I can do a 'kinit some_kerb_principle' successfully. I've additionally started a kerberized shell service, e.g. 'svcadm disable rlogin ; svcadm enable klogin' Now, once I have a tgt (as shown by klist) I'm attempting to use either solaris's or redhat's kerberized rsh to connect to the solaris box (either via loopback or across the network, respectively). However, I get rejected, e.g.: -- On solaris, rsh'ing back to itself: -- pj...@kwanyin ~ $ kinit testuser01 Password for [email protected]: localhost: RPC: Rpcbind failure - RPC: Success kinit: no ktkt_warnd warning possible pj...@kwanyin ~ $ klist Ticket cache: FILE:/tmp/krb5cc_100 Default principal: [email protected] Valid starting Expires Service principal 02/15/09 14:13:40 02/15/09 22:13:40 krbtgt/ [email protected] renew until 02/22/09 14:13:40 pj...@kwanyin ~ $ rsh -a kwanyin Note: The -a option nullifies all other Kerberos-specific options you may have used. kwanyin: Connection refused No errors appear in the system error log when I attempt the rsh. Can anyone please advise me how I would best debug this? Thanks! -- Pat ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
