Solaris 10 kadmin client
Wyllys Ingersoll
Wyllys.Ingersoll at eng.sun.com
Wed Mar 2 23:22:43 EST 2005
Ian Grant wrote:
> On Tue, 2005-03-01 at 12:17 -0600, Will Fiveash wrote:
>
>
> But the problem is not with the user principal, it is with the service
> principal. Read my message again. There is an undocumented -O switch on
> kadmind which, (in krb5-1.4 which is all I have source code for) reverts
> to KADM5_CONFIG_OLD_AUTH_GSSAPI and sets the service name to what one
> would expect (kadmin/admin). I have tried giving this switch to the
> Solaris kadmind without success:
Solaris kadmin and kadmind only support RPCSEC_GSS. That option
is meaningless.
You can use either one with MIT 1.4, but Solaris only supports
RPCSEC_GSS.
>
>>Note, Solaris kadmin uses secure RPC and does not interoperate with
>>MIT's kadmind. I'm betting the same holds for Heimdal kadmind.
>
>
> That's not progress! Why can't it fall back to the MIT protocol?
Solaris has never supported MITs admin protocol (AUTH_GSS).
MIT now supports RPCSEC_GSS in 1.4, Solaris is not moving
backwards to add support for AUTH_GSS.
-Wyllys
More information about the Kerberos
mailing list