On Wed, Apr 22, 2009 at 03:12:51PM -0500, McGranahan, Jamen wrote: > > > What options to configure did you use? > -- $ ./configure CC=gcc --prefix=/usr/local/krb5-1.6.3 > > Where is the krb5.conf? > -- /etc/krb5
/etc/krb5 is where the native Solaris krb5.conf file exists. By default MIT krb looks for /etc/krb5.conf not /etc/krb5/krb5.conf. You should also take care not to mix and match use of native Solaris services that use native Solaris krb while using MIT krb on the same system. For example it's best to avoid using the native Solaris pam_krb5.so.1 module when one is using some version of MIT krb kinit on the system. In general, I'd suggest using the native Solaris krb support unless you need a feature not supported by that krb (more on this below). > Is it world readable? > -- unknown > > Firewall issues? > -- I've wondered about that, but thought I would check here first. > > Is you realm name DS.VANDERBILT.EDU? > -- yes > > Is the KDC for DS.VANDERBUILT.ED Windows AD? > -- yes (I've got 2 other Sun boxes setup already with the same settings, > but they're running Sun Solaris 10) One issue we've seen when a MS AD is the KDC is that the AD may use TCP to send krb messages depending on how large the message is. This is a problem for Solaris 9 krb which only expects UDP to be used for krb messages. This issue has been addressed in Solaris 10 and OpenSolaris along with a number of krb related enhancements. The 1.6 MIT krb also supports this so I can understand why one may want to use MIT krb in this situation but you may want to consider upgrading Solaris. -- Will Fiveash Sun Microsystems Inc. http://opensolaris.org/os/project/kerberos/ ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
