[29611] in Kerberos
Re: Trying to get Kerberos5 with Solaris 10.
daemon@ATHENA.MIT.EDU (Douglas E. Engert)
Tue Apr 1 16:09:52 2008
Message-ID: <47F2963C.3060803@anl.gov>
Date: Tue, 01 Apr 2008 15:08:28 -0500
From: "Douglas E. Engert" <deengert@anl.gov>
MIME-Version: 1.0
To: Mukarram Syed <muksyed@stanford.edu>
In-Reply-To: <015d01c89430$3f7ee140$a61c42ab@stanford.edu>
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Mukarram Syed wrote:
> Any help regarding this would be appreciated. We are pretty much stuck.
>
>
>
> Thanks
>
>
>
> # mukarram
>
>
>
> _____
>
> From: Mukarram Syed [mailto:muksyed@stanford.edu]
> Sent: Wednesday, March 26, 2008 5:12 PM
> To: 'kerberos@mit.edu'
> Subject: Trying to get Kerberos5 with Solaris 10.
>
>
>
> Hi,
>
>
>
> I am trying to install krb5 on Solaris 10 and have been rather successful.
What version of Kerberos?
How do you know you are successful?
> But I am running into some problems, hence this email.
>
> I could login to the box using a local account. I could then "kinit
> username" and I get my kerberos tokens and I could view them via "kinit". I
> could also do a "kdestroy"
Note: Solaris 10 has Kerberos too. Are you using the Solaris commands
in /usr/bin? (but not ksu.)
>
> However when I do a "ksu", I get the following error:
>
>
>
> bash-3.00$ ksu
>
> WARNING: Your password may be exposed if you enter it here and are logged
>
> in remotely using an unsecure (non-encrypted) channel.
>
> Kerberos password for username/root@stanford.edu: :
>
Do you have that principal in the KDC database? Why is the realm name
in lowercase? Kerberos is case sensitive, and usually has uppercase realm names.
> ksu: Server not found in Kerberos database while geting credentials from kdc
> Authentication failed.
>
>
>
> I checked the krb5.keytab which I have downloaded with wallet and installed
> it.
>
> I have also checked google
>
> and this error usually appears when there is a FQDN problem. I have checked
> this and fixed this problem.
>
If you fixed it then what problem are you seeing?
> The below clip is from this link:
>
> http://www.ncsa.uiuc.edu/UserInfo/Resources/Software/kerberos/troubleshootin
> g.html#misc_2
>
>
>
> ---CLIP START---
>
>
>
> (various clients): Requesting host principal without fully-qualified domain
> name
>
> ksu: Server not found in Kerberos database while getting credentials from
> kdc
>
> ksu: Incorrect net address while geting credentials from kdc
>
>
>
> I've seen this caused because the host uses /etc/hosts to resolve name
> lookups before dns and the line for the host in /etc/hosts contains the
> un-fully qualified domain name before the fully-qualified one.
>
>
>
> For example /etc/hosts might contain:
>
>
>
> 141.142.1.1 trepid trepid.ncsa.uiuc.edu
>
>
>
> Change this to:
>
>
>
> 141.142.1.1 trepid.ncsa.uiuc.edu trepid
>
>
>
> I have also seen this problem caused by the /etc/hosts has a different IP
> address in it for a host from what the DNS server has (using an nslookup).
>
>
>
> ---CLIP END---
>
>
>
> I don't know what else could be the issue.
>
>
>
> Also when I try to login to the box using my krb password, I get permission
> denied errors even though I have populated my ~/.k5login file with
> username@stanford.edu
>
>
>
> Appreciate the advice.
>
>
>
> Thanks
>
>
>
> # mukarram syed.
>
>
>
>
>
>
>
> ________________________________________________
> Kerberos mailing list Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
>
--
Douglas E. Engert <DEEngert@anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
