[6908] in Kerberos
KV4, ovtelnetd setup and tickets expired life time on OpenV*Secure NX
daemon@ATHENA.MIT.EDU (Victor C.M. Lai)
Tue Mar 19 01:13:37 1996
To: kerberos@MIT.EDU
Date: 19 Mar 1996 01:19:24 GMT
From: vilai@PROBLEM_WITH_INEWS_GATEWAY_FILE.MIT.EDU (Victor C.M. Lai)
Dear Sir,
We got an evaluation copy (30 days) of OpenV*Secure NX Version 1.2.1
for Solaris 2.3, 2.4 (Serial no. 214455) and setup the Kerberos
(Verion 5) envirnoment on a SUN workstation running Solaris 2.5 (SunOS 5.5).
We are facing the difficulties as follows :
Problem 1 ) Kerberos Version 4 (KV4) support
In OpenV*secure System Administrator's Guide, page 32, it said that :
" 1. Create the KV4 principal used by the service and the corresponding KV5
principal, "with same password", in the OpenV*Secure database with
OpenV*SecureAdmin. For KV4 "rcmd.hostname" principals, such as those used
by ..........., the corrsponding KV5 principle name is "host.hostname".
" 2. Use kdb5_edit's "extract_v4_srvtab" .............................
......(usually /etc/srvtab),..........................................
......it should contain "rcmd.hostname" but does not need to contain
"host/hostname"........
Question 1) What is the exact meaning of the "with same password" ??
How and Why need to set the "same password" for the service
principle ??
Question 2) Which service principle "rcmd.hostname" or "rcmd/hostname"
need to create ??
Question 3) We have tried to create a service principle called
"rcmd.demo18" ,
but we can't extract it into a KV4 srvtab file using
kdb5_edit's "extract_v4_srvtab", because the "extract_v4_srvtab"
requires give "instance name [name ...]" and We used :
extract_v4_srvtab rcmd.demo18
or
extract_v4_srvtab demo18 rcmd
Both of them can't workable ...
Would you mind tell me the correct syntax to extract
"rcmd.demo18" into /etc/srvtab ??
==========================================================================
Problem 2 ) ovtelnetd and ovtelnet setup
We have tried to copy the "ovtelnetd" and "ovtelnet" and man pages into
corresponding directories, but we don't know how to set up the "ovtelnetd"
in the /etc/inetd.conf and /etc/services ..... What is the default TCP
port of ovtelnetd ??
===========================================================================
Problem 3) Ticket expired time problems
We found that although both of the initial granting ticket (krbtgt) and
(host/demo18) are expired, we still can used "ovrlogin" and login into the
remote machine demo18. The system indicate the tickets are expired until
more 20-30 mins after expired time.
============================================================================
Regards,
Victor Lai
