Sun SEAM kinit bug
Wyllys Ingersoll
wyllys.ingersoll at sun.com
Fri Nov 1 14:39:24 EST 2002
The 'kinit' in Solaris 9 supports the addressless ticket feature
(kinit -A), but the change was not backported into the SEAM
for Solaris 8 product.
Also, there are some patches for the SEAM pam_krb5
available, but they don't affect the IP address problem you
are having.
-Wyllys Ingersoll
Sun Microsystems
Ben Cox wrote:
> The Sun SEAM version of kinit that ships with Solaris8 has a bug on
> multi-homed hosts where it puts only one IP address in the TGT request,
> and thus gets TGTs that don't work on the "other" interfaces.
>
> If I use the MIT kinit, everything is cool, because I can either (a) use
> "kinit -A" to get an addressless ticket, or (b) not use "-A", and MIT
> kinit will get a ticket with the correct (full) list of IP addresses in
> it. (Which I can verify with MIT's klist using "klist -efan".)
>
> I've looked for Solaris patches that update kinit, but either there
> aren't any or I'm not clever enough to find them.
>
> Does anyone know of a Solaris patch that fixes kinit to either support
> addressless tickets or use the correct IP address list on a multi-homed
> host? (What about a PAM module for Solaris that does the right thing?)
>
> Thanks in advance,
>
> -- Ben
>
>
> ________________________________________________
> Kerberos mailing list Kerberos at mit.edu
> http://mailman.mit.edu/mailman/listinfo/kerberos
More information about the Kerberos
mailing list