[29678] in Kerberos
Re: kprop between master (solaris) and slave (mandriva)
daemon@ATHENA.MIT.EDU (Markus Moeller)
Fri Apr 11 16:27:20 2008
To: kerberos@mit.edu
From: "Markus Moeller" <huaraz@moeller.plus.com>
Date: Fri, 11 Apr 2008 21:24:23 +0100
Message-ID: <ftohgs$5ek$1@ger.gmane.org>
In-Reply-To: <ftnvi8$r90$1@news.onet.pl>
The problem is that Solaris uses another principal.
After checking the documentation I found that Solaris requires a kiprop/fqdn
principal whereas the default MIT kprop client sends a host/fqdn principal.
I created a patch for MIT (see below), but that would be for Mandriva as
master and Solaris as slave.
--- /home/bisclark/krb/BUILD/krb5-1.3.4.old/src/slave/kprop.c
2007-03-27 10:02:52.000000000 -0700
+++ /home/bisclark/krb/BUILD/krb5-1.3.4/src/slave/kprop.c
2007-03-27 15:58:50.000000000 -0700
@@ -56,6 +56,7 @@
int debug = 0;
char *srvtab = 0;
char *slave_host;
+char *service_name = KPROP_SERVICE_NAME;
char *realm = 0;
char *file = KPROP_DEFAULT_FILE;
short port = 0;
@@ -93,7 +94,7 @@
static void usage()
{
- fprintf(stderr, "\nUsage: %s [-r realm] [-f file] [-d] [-P port] [-s
srvtab] slave_host\n\n",
+ fprintf(stderr, "\nUsage: %s [-n service_name] [-r realm] [-f file]
[-d] [-P port] [-s srvtab] slave_host\n\n",
progname);
exit(1);
}
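Review bot: the usage string now lists [-n service_name], but nothing tells the operator what the default is or what form the value takes. The diff touches only src/slave/kprop.c, so the kprop man page would also need an entry for -n, stating that it defaults to KPROP_SERVICE_NAME and names the service part of the slave's principal.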
@@ -153,6 +154,15 @@
word++;
while (word && (ch = *word++)) {
switch(ch){
+ case 'n':
+ if (*word)
+ service_name = word;
+ else
+ service_name = *argv++;
+ if (!service_name)
+ usage();
+ word = 0;
+ break;
case 'r':
if (*word)
realm = word;
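Review bot: in the new case 'n', the `if (!service_name)` test only catches a missing argument; an empty string (for example -n '') is non-NULL, passes the test and is carried on to where the server principal is built. Suggest `if (!service_name || !*service_name) usage();` so an empty service name is rejected at parse time.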
@@ -260,7 +270,7 @@
*/
memset((char *)&creds, 0, sizeof(creds));
retval = krb5_sname_to_principal(context,
- slave_host, KPROP_SERVICE_NAME,
+ slave_host, service_name,
KRB5_NT_SRV_HST, &creds.server);
if (retval) {
com_err(progname, errno, "while setting server principal name");
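Review bot: at the krb5_sname_to_principal call, service_name is passed in the service-name position next to slave_host with KRB5_NT_SRV_HST, so whatever the operator gives to -n becomes the service part of a host-based principal for slave_host with no check on its contents. Suggest validating it once after option parsing (no '/' or '@' in the value) and, when debug is set, printing the resulting creds.server so it is visible which principal kprop will request a ticket for.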
And then run kprop with -n kiprop@KRB.DOMAIN.NAME
Markus
"Marcin N" <nichu@nospam.onet.pl> wrote in message
news:ftnvi8$r90$1@news.onet.pl...
> Douglas E. Engert wrote:
>>
>>
>>
>> And different versions of Kerberos too. It looks like the Solaris master
>> is the vendor provided Solaris 10 Kerberos. The Mandriva slave looks like
>> some variant of MIT 1.4.2.
>>
>> They both may store configuration files in different locations.
>> Solaris tends to use /etc/krb5. Check both sets of man pages.
>>
>> Both kprop and kpropd have -d options in both Solaris and MIT.
>>
>>
> .
> .
> .
>
>
>>
>> Host names including the KDC, should be FQDN.
>>
>
> Thank you for the reply...
> I changed names in krb conf to FQDN.
> I also checked paths in both OS and they were good /etc/krb5 in Solaris
> and /etc/kerberos/krb5kdc and /etc in Mandriva
>
> and still it doesn't work ...
> When I execute kpropd -d there is an error:
> kpropd: getpeername: Socket operation on non-socket
>
> so only kpropd -S works for me...
> ________________________________________________
> Kerberos mailing list Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>