<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.2715.400" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><FONT face=Arial size=2>We have Windows 2000 Servers acting as Kerberos
KDCs</FONT></DIV>
<DIV><FONT face=Arial size=2>and Red Hat Linux 7.2 &amp; Solaris 8 Servers
as Kerberos Clients.</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>Our people can ssh to Linux servers and get
authenticated</FONT></DIV>
<DIV><FONT face=Arial size=2>against the Win2k Kerberos KDC. There is no problem
here.</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>However, when people ssh to Solaris 8 servers, the
following</FONT></DIV>
<DIV><FONT face=Arial size=2>symptoms are observed:</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>1. People can ssh once and log in. But another ssh
session is </FONT></DIV>
<DIV><FONT face=Arial size=2> denied.</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>2. Running the "klist" command in the logged
in session</FONT></DIV>
<DIV><FONT face=Arial size=2> of ssh gives the following error
-</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2> klist: Credentials cache file
permissions incorrect </FONT></DIV>
<DIV><FONT face=Arial
size=2> while
setting cache flags (ticket cache /tmp/krb5cc_1003)<BR>
</FONT></DIV>
<DIV><FONT face=Arial size=2> I checked the permissions in
/tmp and observed that the </FONT></DIV>
<DIV><FONT face=Arial size=2> cache is </FONT><FONT face=Arial
size=2>owned by "root" instead of the logged in person.</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>3. After the person logs out, he is denied login
access unless</FONT></DIV>
<DIV><FONT face=Arial size=2> I manually delete his cached
credentials from /tmp.</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>What is notable is that "telnet" to Solaris 8
servers works</FONT></DIV>
<DIV><FONT face=Arial size=2>just fine and has no such
problems.</FONT> </DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>I saw that there was some discussion on this topic
in the</FONT></DIV>
<DIV><FONT face=Arial size=2>mailing list archives but no definite
solution.</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>Is this a problem with the ssh server on Solaris 8 or a
problem</FONT></DIV>
<DIV><FONT face=Arial size=2>with Kerberos on Solaris 8, or what is
it?</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>Can someone guide me please?</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>Regards,</FONT></DIV>
<DIV><FONT face=Arial size=2>Parag Godkar.</FONT></DIV></BODY></HTML>