[23474] in Kerberos

home help back first fref pref prev next nref lref last post

Re: Solaris 10 kadmin client

daemon@ATHENA.MIT.EDU (Wyllys Ingersoll)
Thu Mar 3 14:15:57 2005

From: Wyllys Ingersoll <Wyllys.Ingersoll@eng.sun.com>
Message-Id: <200503030422.j234MhpJ405742@jurassic.eng.sun.com>
To: kerberos@mit.edu
Date: Wed, 2 Mar 2005 20:22:43 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu

Ian Grant wrote:
> On Tue, 2005-03-01 at 12:17 -0600, Will Fiveash wrote:
> 
> 
> But the problem is not with the user principal, it is with the service
> principal. Read my message again. There is an undocumented -O switch on
> kadmind which, (in krb5-1.4 which is all I have source code for) reverts
> to KADM5_CONFIG_OLD_AUTH_GSSAPI and sets the service name to what one
> would expect (kadmin/admin). I have tried giving this switch to the
> Solaris kadmind without success:

Solaris kadmin and kadmind only support RPCSEC_GSS.  That option
is meaningless.

You can use either one with MIT 1.4, but Solaris only supports
RPCSEC_GSS.

> 
>>Note, Solaris kadmin uses secure RPC and does not interoperate with
>>MIT's kadmind.  I'm betting the same holds for Heimdal kadmind.  
> 
> 
> That's not progress! Why can't it fall back to the MIT protocol?

Solaris has never supported MITs admin protocol (AUTH_GSS).  
MIT now supports RPCSEC_GSS in 1.4, Solaris is not moving 
backwards to add support for AUTH_GSS.

-Wyllys

________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos

home help back first fref pref prev next nref lref last post