More Solaris 9 questions

Joe Sunday sunday at csh.rit.edu
Wed Aug 7 11:20:07 EDT 2002


I've got a Solaris 9 client trying to authenticate against a NetBSD/Alpha
kdc running MIT 1.2.5.

I've created a host entry for the Solaris 9 host and dumped it to a keytab
file with ktadd, then scp'd that file over to the Solaris box to
/etc/krb5/krb5.keytab.

Now when I try to telnet to the box, I get this:

login: username
Password:
PAM-KRB5 (auth): Error verifying TGT with host/foo.realm at REALM: Program
lacks support for encryption type

Here's the host and user principals (Machine names munged):

kadmin:  getprinc host/foo.realm
Principal: host/foo.realm at REALM
Expiration date: [never]
Last password change: Wed Aug 07 10:58:50 EDT 2002
Password expiration date: [none]
Maximum ticket life: 0 days 10:00:00
Maximum renewable life: 7 days 00:00:00
Last modified: Wed Aug 07 10:58:50 EDT 2002 (user/admin at REALM)
Last successful authentication: [never]
Last failed authentication: [never]
Failed password attempts: 0
Number of keys: 2
Key: vno 3, Triple DES cbc mode with HMAC/sha1, no salt
Key: vno 3, DES cbc mode with CRC-32, no salt
Attributes:
Policy: [none]

kadmin:  getprinc sunday
Principal: username at REALM
Expiration date: [never]
Last password change: Wed Aug 07 10:36:31 EDT 2002
Password expiration date: [none]
Maximum ticket life: 0 days 10:00:00
Maximum renewable life: 7 days 00:00:00
Last modified: Wed Aug 07 10:36:31 EDT 2002 (user/admin at REALM)
Last successful authentication: [never]
Last failed authentication: [never]
Failed password attempts: 0
Number of keys: 2
Key: vno 1, Triple DES cbc mode with HMAC/sha1, no salt
Key: vno 1, DES cbc mode with CRC-32, no salt
Attributes:
Policy: [none]

And here's the log from the kdc:
Aug  7 11:15:08 kerberos krb5kdc[11542]: AS_REQ (2 etypes {3 1})
129.21.60.192(88): ISSUE: authtime 1028733308, etypes {rep=3 tkt=1 ses=1},
username at REALM for krbtgt/REALM at REALM
Aug  7 11:15:08 kerberos krb5kdc[11542]: TGS_REQ (2 etypes {3 1})
129.21.60.192(88): ISSUE: authtime 1028733308, etypes {rep=1 tkt=16 ses=1},
username at REALM for host/foo.realm at REALM

Can anyone tell me what I need to do now?
Thanks,
--Joe
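
Added example, not part of the original post: a small parser for MIT krb5kdc ISSUE lines that flags any ticket whose key etype (tkt=) was not in the etype list the requester offered, which is the pattern visible in the TGS_REQ line above (offered {3 1}, tkt=16). It assumes the requesting host is also the host that must decrypt the ticket with its keytab, as when PAM verifies a TGT against the local host principal; the sample log lines, host name and realm are constructed, and the function names are hypothetical.

```python
import re

# Kerberos etype numbers from the IANA registry (subset).
ETYPE_NAMES = {1: "des-cbc-crc", 3: "des-cbc-md5", 16: "des3-cbc-sha1",
               17: "aes128-cts-hmac-sha1-96", 18: "aes256-cts-hmac-sha1-96",
               23: "rc4-hmac"}

# One krb5kdc ISSUE record, after any wrapped log lines have been joined.
ISSUE_RE = re.compile(
    r"(?P<req>AS_REQ|TGS_REQ) \(\d+ etypes \{(?P<offered>[\d ]+)\}\).*?"
    r"ISSUE:.*?etypes \{rep=(?P<rep>\d+) tkt=(?P<tkt>\d+) ses=(?P<ses>\d+)\}, "
    r"(?P<client>\S+) for (?P<server>\S+)"
)

# Constructed sample input modelled on the log format in the post.
SAMPLE_LOG = [
    "Aug  7 11:15:08 kdc krb5kdc[11542]: AS_REQ (2 etypes {3 1}) 192.0.2.10(88): ISSUE: authtime 1028733308, etypes {rep=3 tkt=1 ses=1}, user@EXAMPLE.COM for krbtgt/EXAMPLE.COM@EXAMPLE.COM",
    "Aug  7 11:15:08 kdc krb5kdc[11542]: TGS_REQ (2 etypes {3 1}) 192.0.2.10(88): ISSUE: authtime 1028733308, etypes {rep=1 tkt=16 ses=1}, user@EXAMPLE.COM for host/foo.example.com@EXAMPLE.COM",
]

def etype_name(etype):
    """Human-readable name for an etype number, or a generic label."""
    return ETYPE_NAMES.get(etype, f"etype-{etype}")

def parse_issue(line):
    """Return a dict for an ISSUE line, or None if the line is something else."""
    m = ISSUE_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["offered"] = [int(e) for e in rec["offered"].split()]
    for field in ("rep", "tkt", "ses"):
        rec[field] = int(rec[field])
    return rec

def unsupported_ticket_keys(lines):
    """ISSUE records whose ticket key etype is absent from the offered list."""
    records = (parse_issue(line) for line in lines)
    return [r for r in records if r and r["tkt"] not in r["offered"]]

if __name__ == "__main__":
    for r in unsupported_ticket_keys(SAMPLE_LOG):
        offered = ", ".join(etype_name(e) for e in r["offered"])
        print(f"{r['req']} for {r['server']}: ticket key is "
              f"{etype_name(r['tkt'])}, requester offered only [{offered}]")
```
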
