[24124] in Kerberos

Re: Solaris 8 and mit kdc

daemon@ATHENA.MIT.EDU (Wyllys Ingersoll)
Tue Jun 21 17:00:27 2005

Message-ID: <42B87FB1.10706@sun.com>
Date: Tue, 21 Jun 2005 16:59:29 -0400
From: Wyllys Ingersoll <wyllys.ingersoll@sun.com>
MIME-Version: 1.0
To: fsoliv <fsoliv@gmail.com>
In-Reply-To: <4e9e334805062013552df0fe25@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
cc: kerberos@mit.edu
Errors-To: kerberos-bounces@mit.edu

fsoliv wrote:
>  Thank you for your email. However, I need to use Solaris' own Kerberos
>  implementation.
>
> >>> Hello,
> >>>
> >>> Can anyone refer me to a link with information on configuring
> >>> kerberized rlogin in Solaris 8? I am using MIT-KDC 1.4.1 and
> >>> SEAM on all Solaris 8 clients. Also, how do I add a keytab to a
> >>> Solaris 8 machine? Should I create a file on a Linux machine
> >>> and then copy it to the Solaris 8 box? If so, where should I
> >>> put the keytab?
> >>>

If you configure the MIT-KDC to use the RPCSEC_GSS protocol,
you should be able to use the SEAM 'kadmin' client to create keys
and populate the keytab on the Solaris 8 client.

If you don't want to do that (or can't figure out how), you can create
the keys on the KDC (using the MIT kadmin client tool) and then transfer
them to the Solaris box via some secure protocol (such as SSH).

The main keys you need on the SEAM client system are the
"host" principals for the client system:
ex:    host/f.q.d.n@REALM

Also, if you want to use NFS with Solaris 8 SEAM you will
also need to create nfs/f.q.d.n principals as well and possibly
a "root/f.q.d.n" principal in order to use automount with secure
NFS file systems.  All of this is well documented in the SEAM
online documentation at docs.sun.com - look it up and search
for SEAM.

Remember - the only keys that need to be in a keytab are those
that are specific to that host.   One common misconception or
mistake that people make is to put keys in the keytab on host A
for services that only exist on other hosts. 

-Wyllys

________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
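
The keytab rule from the reply above, as an added check that is not part of the original message: the function reads text in the layout that `klist -k` prints (KVNO, then principal) and reports entries whose host component is not the local FQDN. The sample listing, host names, realm and keytab path are constructed placeholders, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: find keytab entries that belong to some other host.
# Usage on a real system: klist -k | foreign_keytab_entries hosta.example.com

# foreign_keytab_entries FQDN  (reads `klist -k` style text on stdin)
# Prints each service/host@REALM principal whose host part is not FQDN.
foreign_keytab_entries() {
    awk -v fqdn="$1" '
        # Host names are compared case-insensitively (a choice of this example).
        BEGIN { want = tolower(fqdn) }
        # Entry lines begin with a numeric KVNO; header and rule lines do not.
        $1 ~ /^[0-9]+$/ && NF >= 2 {
            princ = $2
            if (seen[princ]++) next      # one line per key type: report once
            name = princ
            sub(/@[^@]*$/, "", name)     # drop the realm
            n = split(name, part, "/")
            if (n != 2) next             # not a service/host principal: skip
            if (tolower(part[2]) != want) print princ
        }'
}

# Constructed sample listing for a machine named hosta.example.com.
sample_klist_output() {
    cat <<'EOF'
Keytab name: FILE:/path/to/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   3 host/hosta.example.com@EXAMPLE.COM
   3 host/hosta.example.com@EXAMPLE.COM
   2 nfs/hosta.example.com@EXAMPLE.COM
   5 root/hosta.example.com@EXAMPLE.COM
   4 nfs/hostb.example.com@EXAMPLE.COM
   1 host/hostc.example.com@EXAMPLE.COM
EOF
}

# Run over the sample: prints the two entries that do not belong on hosta.
sample_klist_output | foreign_keytab_entries hosta.example.com
```

Any principal this prints is a key for a service on another machine and should be removed from the local keytab.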