[5294] in Kerberos
Re: DECserver 700 and Kerberos; latest twist
daemon@ATHENA.MIT.EDU (Nick Hill)
Tue May 30 08:59:14 1995
To: kerberos@MIT.EDU
Date: 30 May 1995 12:23:28 GMT
From: nmh1@ccdaw1.cc.rl.ac.uk (Nick Hill)
Reply-To: nmh1@ve.rl.ac.uk
In article <D9BM1I.LB8@emr1.emr.ca>, Arthur Yasinski <ayasinski@nofc.forestry.ca>
writes:
>I had time to kill this weekend, so I tried to tackle the user authentication
>problem again with my DECserver 700.
>
>I had no success with Kerberos 5 and the backward compatibility option, so I
>took a step backwards and set up a Kerberos version 4 server on my SunOS
>workstation.
>
>All seems to be working tickety-boo from the local machine. However, I am
>still having problems with the user authentication from the DECserver.
>
>Obviously, I do not want to start my Monday with a plethora of flames, so
>here are some technical details and logs showing what I've done...or failed
>to do.
>
>Basically, if someone can let me know what I'm missing, it would be much
>appreciated!!
>
>------------------------------
>Here is what my DECserver Kerberos setup looks like:
>
>>Lifetime: 0 08:00:00 Retransmit Timeout: 0 00:00:08
>>Ticket service port: 750 Password service port: 752
>>
>>Default Realm: nofc.forestry.ca
>> Secret: (Entered)
>> Domain: nofc.forestry.ca (Implied)
>>
>> Host: machine1.nofc.forestry.ca
>
> (Note: I have changed the password service port to 750, with no success)
>
>---------------------------
>Here is a sample from my log file:
>
>>28-May-95 21:02:02 Initial ticket request Host: 192.75.yyy.xxx User: "tuser" ""
>>28-May-95 21:02:02 INITIAL request from juser. for rcmd.DS700
>>28-May-95 21:02:06 Initial ticket request Host: 192.75.yyy.xxx User: "tuser" ""
>>28-May-95 21:02:06 INITIAL request from juser. for rcmd.DS700
>
> Where 192.75.yyy.xxx is the IP address of my DECserver.
>
> Note: The rcmd.DS700 set off some flags for myself and I did the following:
> 1) ran kadmin, and added rcmd.DS700
> 2) ran ksrvutil add, with rcmd.DS700 as well
> 3) ran ksrvutil change
>
> I am not sure if I need to add anything to my inetd.conf file on the kdc
> (machine1).
>
>----------------------------------
>
>Thanks,
>Arthur
> -----------------------------------------------------------------
>| ARTHUR YASINSKI | Dept. of Natural Resources Canada |
>| NWR Informatics | CFS, Northern Forestry Centre |
>|-----------------------------| 5320-122 St. Edmonton, Alberta |
>| My job is to come up with | T6H 3S5 Phone: (403) 435-7352 |
>| solutions...not excuses! | Email: ayasinski@nofc.forestry.ca |
> -----------------------------------------------------------------
>
>
I have successfully configured a DECserver 700 to use kerberos with a VMS
host running Multinet TCP/IP as the kerberos server. As you noticed you need
to register rcmd with the correct instance, in your case DS700. Did you also
give it the password you entered on the DECserver when defining the realm -
it is set as your kerberos settings show secret as (Entered). If you did not
register rcmd.DS700 with this password it will not work. The other problem I
hit was to remember that realms are case sensitive. If you have
nofc.forestry.ca on the DECserver and NOFC.FORESTRY.CA in the master database
as the realm name it won't work either.
Anyway it does work for me and the users can use the kpasswd command to alter
their kerberos passwords as well.
-
Nick Hill
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Computing and Information Systems Department
Rutherford Appleton Laboratory
Chilton
Didcot Internet: nmh1@axprl1.rl.ac.uk
Oxfordshire Janet: nmh1@uk.ac.rl.axprl1
OX11 0QX DECnet: omni:.uk.ac.rl.axprl1::nmh1
ENGLAND 20054::nmh1
WWW: http://www.cis.rl.ac.uk/people/nmh1/contact.html
Tel: +44 (0)1235-445598
Fax: +44 (0)1235-446626
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
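
The two checks from the reply above (exact-case realm match, and which service principal must carry the DECserver secret), as an added example that is not part of the original thread. The DECserver display and log lines are copied from the quoted post; the Kerberos 4 krb.conf content and all function names are constructed for illustration.

```python
import re

# DECserver display and KDC log lines as quoted in the post above.
DECSERVER = """\
Default Realm: nofc.forestry.ca
 Secret: (Entered)
 Host: machine1.nofc.forestry.ca
"""
KDC_LOG = """\
28-May-95 21:02:02 INITIAL request from juser. for rcmd.DS700
28-May-95 21:02:06 INITIAL request from juser. for rcmd.DS700
"""
# Constructed KDC-side krb.conf (assumption: realm registered in upper case).
KRB_CONF = """\
NOFC.FORESTRY.CA
NOFC.FORESTRY.CA machine1.nofc.forestry.ca admin server
"""

def parse_decserver(text):
    """Return the 'Label: value' fields of the DECserver Kerberos display."""
    pairs = re.findall(r"^\s*([^:\n]+):[ \t]*(\S+)", text, re.M)
    return {k.strip(): v for k, v in pairs}

def parse_krb_conf(text):
    """Kerberos 4 krb.conf: line 1 is the local realm, the rest are 'REALM host'."""
    kdcs = {}
    for fields in (l.split() for l in text.splitlines()[1:]):
        if len(fields) >= 2:
            kdcs.setdefault(fields[0], []).append(fields[1])
    return kdcs

def requested_services(log):
    """Service principals (name.instance) seen in 'INITIAL request' lines."""
    return sorted(set(re.findall(r"INITIAL request from \S+ for (\S+)", log)))

def check(decserver, krb_conf, log):
    cfg, kdcs = parse_decserver(decserver), parse_krb_conf(krb_conf)
    realm, host, findings = cfg["Default Realm"], cfg["Host"], []
    if realm not in kdcs:  # realm names compare case-sensitively
        near = [r for r in kdcs if r.lower() == realm.lower()]
        findings.append(f"realm case mismatch: DECserver {realm!r} vs KDC {near[0]!r}"
                        if near else f"realm {realm!r} unknown to KDC")
    elif host not in kdcs[realm]:
        findings.append(f"host {host!r} is not a KDC for {realm!r}")
    for svc in requested_services(log):
        findings.append(f"verify {svc} is registered with the secret entered on the DECserver")
    return findings

if __name__ == "__main__":
    print("\n".join(check(DECSERVER, KRB_CONF, KDC_LOG)))
```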