[19000] in Kerberos
Re: mit kerberosv5 1.2.7 - kadmin wont connect - please help
daemon@ATHENA.MIT.EDU (Matthew Mauzy)
Wed Apr 2 22:56:47 2003
Date: Wed, 02 Apr 2003 22:55:51 -0500
From: Matthew Mauzy <matthew_mauzy@unc.edu>
To: Yan <ymercier@mxtest.homedns.org>
Message-ID: <90833311.1049324151@[192.168.1.100]>
In-Reply-To: <003a01c2f994$cf712510$f600a8c0@yan>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
cc: Kerberos Email List <kerberos@mit.edu>
Errors-To: kerberos-bounces@mit.edu
Yes sorry, those are LDAP objectClasses. Prior to having the shadowAccount
objectClass in my account I was getting the same "Secure RPC required"
error that you mentioned. Where are you getting account info from? Local
account? NIS?
--Matthew
--On Wednesday, April 02, 2003 10:55 PM -0500 Yan
<ymercier@mxtest.homedns.org> wrote:
> Are you talking about LDAP ?
> It looks like it, I would really like to plug my MIT Kerberos KDC into
> LDAP but it doesnt seem to support it so far. because I didnt
> see the option when configuring it.
>
> Here is the output of the principal Im am using for test :
>
> kadmin: getprinc yan/admin
> Principal: yan/admin@NEOTOKYO.COM
> Expiration date: [never]
> Last password change: Fri Mar 28 22:42:23 CST 2003
> Password expiration date: [none]
> Maximum ticket life: 0 days 10:00:00
> Maximum renewable life: 7 days 00:00:00
> Last modified: Fri Mar 28 22:42:23 CST 2003 (root/admin@NEOTOKYO.COM)
> Last successful authentication: [never]
> Last failed authentication: [never]
> Failed password attempts: 0
> Number of keys: 3
> Key: vno 1, Triple DES cbc mode with HMAC/sha1, no salt
> Key: vno 1, DES cbc mode with CRC-32, no salt
> Key: vno 1, DES cbc mode with CRC-32, Version 4
> Attributes:
> Policy: [none]
>
> How can I see these objectClass properties ?
>
> Yan
> ---------------------------------
> ----- Original Message -----
> From: "Matthew Mauzy" <matthew_mauzy@unc.edu>
> To: "Yan" <ymercier@mxtest.homedns.org>; <kerberos@mit.edu>
> Sent: Wednesday, April 02, 2003 10:37 PM
> Subject: Re: mit kerberosv5 1.2.7 - kadmin wont connect - please help
>
>
>> What objectClasses do you have defined for the user accounts? Make sure
>> that you have shadowAccount in there. Here's what I have:
>>
>> objectClass=person
>> objectClass=organizationalPerson
>> objectClass=inetOrgPerson
>> objectClass=posixAccount
>> objectClass=shadowAccount
>> objectClass=top
>> objectClass=krb5Principal
>>
>> --Matthew
>> __________________________________________________________________
>> Matthew W. Mauzy
>> Systems Administrator
>> Applied Math @ UNC-CH
>> email : mauzy@amath.unc.edu pager : mpager@amath.unc.edu
>> (W) 919.962.9819 www.amath.unc.edu/~mauzy/ (P) 919.347.0390
>> __________________________________________________________________
>>
>>
>> --On Wednesday, April 02, 2003 10:09 PM -0500 Yan
>> <ymercier@mxtest.homedns.org> wrote:
>>
>> > I tried to authenticate my solaris8 box with the bundled
>> > PAM_Kerb5 module, and it doesnt work because
>> > Sun SEAM Kdc is working with a SecureRPC method
>> > different than the one MIT Kerberos use.
>> >
>> > Is there a way to authenticate my solaris clients
>> > with the MIT kerberos KDC ?
>> >
>> > Thank you,
>> > Yan
>> > --------------
>> >
>>
__________________________________________________________________
Matthew W. Mauzy
Systems Administrator
Applied Math @ UNC-CH
email : mauzy@amath.unc.edu pager : mpager@amath.unc.edu
(W) 919.962.9819 www.amath.unc.edu/~mauzy/ (P) 919.347.0390
__________________________________________________________________
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
