Sun SEAM kinit bug
Ben Cox
cox-work at djehuti.com
Fri Nov 1 12:29:01 EST 2002
The Sun SEAM version of kinit that ships with Solaris8 has a bug on
multi-homed hosts where it puts only one IP address in the TGT request,
and thus gets TGTs that don't work on the "other" interfaces.
If I use the MIT kinit, everything is cool, because I can either (a) use
"kinit -A" to get an addressless ticket, or (b) not use "-A", and MIT
kinit will get a ticket with the correct (full) list of IP addresses in
it. (Which I can verify with MIT's klist using "klist -efan".)
I've looked for Solaris patches that update kinit, but either there
aren't any or I'm not clever enough to find them.
Does anyone know of a Solaris patch that fixes kinit to either support
addressless tickets or use the correct IP address list on a multi-homed
host? (What about a PAM module for Solaris that does the right thing?)
Thanks in advance,
-- Ben
More information about the Kerberos
mailing list