[29610] in Kerberos
RE: Trying to get Kerberos5 with Solaris 10.
daemon@ATHENA.MIT.EDU (Mukarram Syed)
Tue Apr 1 15:43:00 2008
From: "Mukarram Syed" <muksyed@stanford.edu>
To: <kerberos@mit.edu>
Date: Tue, 1 Apr 2008 12:40:31 -0700
Message-ID: <015d01c89430$3f7ee140$a61c42ab@stanford.edu>
MIME-Version: 1.0
In-Reply-To:
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Any help regarding this would be appreciated. We are pretty much stuck.
Thanks
# mukarram
_____
From: Mukarram Syed [mailto:muksyed@stanford.edu]
Sent: Wednesday, March 26, 2008 5:12 PM
To: 'kerberos@mit.edu'
Subject: Trying to get Kerberos5 with Solaris 10.
Hi,
I am trying to install krb5 on Solaris 10 and have been rather successful.
But I am running into some problems, hence this email.
I could login to the box using a local account. I could then "kinit
username" and I get my kerberos tokens and I could view them via "kinit". I
could also do a "kdestroy"
However when I do a "ksu", I get the following error:
bash-3.00$ ksu
WARNING: Your password may be exposed if you enter it here and are logged
in remotely using an unsecure (non-encrypted) channel.
Kerberos password for username/root@stanford.edu: :
ksu: Server not found in Kerberos database while geting credentials from kdc
Authentication failed.
I checked the krb5.keytab which I have downloaded with wallet and installed
it.
I have also checked google
and this error usually appears when there is a FQDN problem. I have checked
this and fixed this problem.
The below clip is from this link:
http://www.ncsa.uiuc.edu/UserInfo/Resources/Software/kerberos/troubleshootin
g.html#misc_2
---CLIP START---
(various clients): Requesting host principal without fully-qualified domain
name
ksu: Server not found in Kerberos database while getting credentials from
kdc
ksu: Incorrect net address while geting credentials from kdc
I've seen this caused because the host uses /etc/hosts to resolve name
lookups before dns and the line for the host in /etc/hosts contains the
un-fully qualified domain name before the fully-qualified one.
For example /etc/hosts might contain:
141.142.1.1 trepid trepid.ncsa.uiuc.edu
Change this to:
141.142.1.1 trepid.ncsa.uiuc.edu trepid
I have also seen this problem caused by the /etc/hosts has a different IP
address in it for a host from what the DNS server has (using an nslookup).
---CLIP END---
I don't know what else could be the issue.
Also when I try to login to the box using my krb password, I get permission
denied errors even though I have populated my ~/.k5login file with
username@stanford.edu
Appreciate the advice.
Thanks
# mukarram syed.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
