[30726] in Kerberos
Assistance configuring kerberos services on Solaris 10
daemon@ATHENA.MIT.EDU (pspinler)
Sun Feb 15 16:06:13 2009
From: pspinler <pspinler@gmail.com>
Date: Sun, 15 Feb 2009 12:28:19 -0800 (PST)
Message-ID: <484fc8e5-9734-4ccd-8ddf-ff7b0bc8244a@r34g2000vbp.googlegroups.com>
Mime-Version: 1.0
X-Complaints-To: groups-abuse@google.com
Complaints-To: groups-abuse@google.com
To: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Hi:
Please forgive my newbie question - I'm just now teaching myself
kerberos concepts.
I've just successfully created a proof of concept kerberos domain, and
successfully configured a rhel 4.6 linux to authenticate to it, in
that I can log into the redhat host, do a kinit, klist, etc.
Now I'm trying to similarly configure a solaris host. I've created a
host principle, loaded the machine's keytab, and once I've logged in
via a non-kerberos account, I can do a 'kinit some_kerb_principle'
successfully. I've additionally started a kerberized shell service,
e.g. 'svcadm disable rlogin ; svcadm enable klogin'
Now, once I have a tgt (as shown by klist) I'm attempting to use
either solaris's or redhat's kerberized rsh to connect to the solaris
box (either via loopback or across the network, respectively).
However, I get rejected, e.g.:
-- On solaris, rsh'ing back to itself: --
pjs11@kwanyin ~ $ kinit testuser01
Password for testuser01@KWANYIN.MAYO.EDU:
localhost: RPC: Rpcbind failure - RPC: Success
kinit: no ktkt_warnd warning possible
pjs11@kwanyin ~ $ klist
Ticket cache: FILE:/tmp/krb5cc_100
Default principal: testuser01@KWANYIN.MAYO.EDU
Valid starting Expires Service principal
02/15/09 14:13:40 02/15/09 22:13:40 krbtgt/
KWANYIN.MAYO.EDU@KWANYIN.MAYO.EDU
renew until 02/22/09 14:13:40
pjs11@kwanyin ~ $ rsh -a kwanyin
Note: The -a option nullifies all other Kerberos-specific
options you may have used.
kwanyin: Connection refused
No errors appear in the system error log when I attempt the rsh.
Can anyone please advise me how I would best debug this?
Thanks!
-- Pat
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
