[23976] in Kerberos
Re: Using Solaris 10 kadmin with MIT 1.4.1 kadmind
daemon@ATHENA.MIT.EDU (Nicolas Williams)
Thu Jun 2 15:28:54 2005
Date: Thu, 2 Jun 2005 14:28:17 -0500
From: Nicolas Williams <Nicolas.Williams@sun.com>
To: "Douglas E. Engert" <deengert@anl.gov>
Message-ID: <20050602192817.GS27456@binky.Central.Sun.COM>
Mail-Followup-To: "Douglas E. Engert" <deengert@anl.gov>,
"'kerberos@mit.edu'" <kerberos@mit.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <429F5C04.6040208@anl.gov>
cc: "'kerberos@mit.edu'" <kerberos@mit.edu>
Errors-To: kerberos-bounces@mit.edu
Known bug.
Our RPCSEC_GSS APIs force us to use hostbased princs for the server, and
MIT krb5, though it now implements RPCSEC_GSS, did not match this behaviour.
On Thu, Jun 02, 2005 at 02:20:36PM -0500, Douglas E. Engert wrote:
> While trying to use the Solaris 10 Kerberos, most things in a mixed
> environment sort of work, but the kadmin does not.
>
> It appears that the Solaris 10 /usr/sbin/kadmin program is
> using the sun gss rpcs, and the MIT kadmind is not. The MIT kadmin
> is running on an older Solaris version.
>
> The kadmin gets a ticket for the admin doug/admin@TEST.REALM for
> kadmin/kdc.test.anl.gov@TEST.REALM as shown by the KDC logs.
>
> The Solaris 10 client says:
> kadmin: GSS-API (or Kerberos) error while initializing kadmin interface
> and syslog says:
> GSS-API error: rpc_gss_seccreate failed
> three times for the client.
>
> This looks similar to the thread from 5/26-27 on
> "mixing sun solaris's rpc with mit's rpc"
>
> Any one (especially at Sun) have a solution?
>
>
>
>
> --
>
> Douglas E. Engert <DEEngert@anl.gov>
> Argonne National Laboratory
> 9700 South Cass Avenue
> Argonne, Illinois 60439
> (630) 252-5444
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
