[24185] in Kerberos
Re: Solaris 8 and mit kdc
daemon@ATHENA.MIT.EDU (Wyllys Ingersoll)
Thu Jun 30 08:36:16 2005
Message-ID: <42C3E707.8000509@sun.com>
Date: Thu, 30 Jun 2005 08:35:19 -0400
From: Wyllys Ingersoll <wyllys.ingersoll@sun.com>
MIME-Version: 1.0
To: fsoliv <fsoliv@gmail.com>
In-Reply-To: <4e9e3348050630041041867109@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
cc: kerberos@mit.edu
Errors-To: kerberos-bounces@mit.edu
fsoliv wrote:
> Before typing this command I do kinit -f username.
>
> Also, i can't find a field in seam's krb5.conf file to configure the
> location of the keytabs. I have placed the krb5.keytab extracted
> from a linux machine into /etc/krb5/.
That is correct. The keytab on Solaris is /etc/krb5/krb5.keytab
On the Solaris box (as root), run "klist -ke" - this should show
you the contents of the keytab file. It *should* contain
a DES key for "host/foo.bar.com@YOUR.REALM" (Solaris 8).
Also, look in the KDC log files to see if the either the client
or the server is requesting keys for things the KDC does
not know about.
Kerberos is very sensitive to naming issues - we like to recommend
that you always use fully qualified hostnames for your host
based service principals and make sure that your naming
service returns f.q.d.n names for reverse address lookups.
What naming service are you using to resolve hostnames
(DNS, NIS, or just flat files like /etc/hosts) ?
-Wyllys
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
