[895] in Kerberos
general kerberos problems
daemon@ATHENA.MIT.EDU (Ron Cocchi)
Thu Mar 29 23:28:57 1990
From: cocchi%jerico.usc.edu@USC.EDU (Ron Cocchi)
To: kerberos@ATHENA.MIT.EDU
Cc: cocchi@jerico.MIT.EDU, alfonso@ATHENA.MIT.EDU
I am a new kerberos "administrator" for a research project
at USC. I have been playing with kerberos patchlevel 9
and have experienced the following two problems.
1.) I am able to obtain tickets, update the master database,
list tickets, add new users, install and authenticate the
"sample" service, and perform other similar operations.
I attempted to authenticate the rlogin service and was
unsuccessful. I followed the hints provided in the
"Kerberos Operations Notes DRAFT". I performed the following
actions:
1.) add the rcmd principal with instance kamalot to the
master database.
2.) created a new /etc/srvtab file
Upon executing the rlogin command to kamalot the following
message appears:
cocchi@kamalot(57):rlogin kamalot
rlogin: Host kamalot.usc.edu isn't registered for Kerberos rlogin service
trying normal rlogin (/usr/ucb/rlogin.ucb)
Last login: Thu Mar 29 14:34:33 on console
SunOS Release 4.0 (MONIT) #2: Sat Dec 16 19:38:32 PST 1989
CPU type Sun-3/60 with 4 MB of memory.
My initial investigation indicates that klogind dying somewhere.
2.) As I stated above, I am able to authenticate the sample
server/client. But when I tried turning on debug I could not
authenticate to test.test. I entered the principal test with
instance test and remade /etc/srvtab. (I don't believe a new
srvtab was necessary.) The following error occurred:
cocchi@kamalot(175):sample_client kamalot 22
Setting checksum to 22
sample_client: cannot authenticate to server: Generic kerberos error (kfailure)
After performing a klist the following tickets were displayed:
cocchi@kamalot(178):/usr/athena/klist
Ticket file: /tmp/tkt8136
Principal: cocchi@usc.edu
Issued Expires Principal
Mar 29 15:02:32 Mar 29 23:02:32 krbtgt.usc.edu@usc.edu
Mar 29 17:31:10 Mar 29 23:06:10 test.test@usc.edu
Can you please assist me in solving these problems?
One more thing I would like to mention that I discovered when playing
with rlogin. Executing rlogin on a Sun 3/60 produces a segmentation
fault instead on unknown host on a null host name.
I applied the following patch
if (!host) {
fprintf (stderr, "%s: unknown host\n", prog);
exit(1);
};
thank you,
Ron
