Post-installation rlogin error

Mike Friedman mikef at ack.Berkeley.EDU
Fri Sep 27 12:34:41 EDT 2002


On Fri Sep 27 08:13:55 2002, Breeze Howard said:

> But this error is found in the /var/log/krb5kdc.log
> ----------------------------------------------------------------------------
> Sep 27 10:11:42 citest krb5kdc[22017](info): TGS_REQ (1 etypes {1})
> 128.186.6.13(88): UNKNOWN_SERVER: authtime 1033135885,
> bhoward at TEST.ACNS.FSU.EDU for host/citest at TEST.ACNS.FSU.EDU, Server not
> found in Kerberos database
> ----------------------------------------------------------------------------

Breeze,

Notice that the KDC thinks the server principal is 'host/citest', not
'host/citest.acns.fsu.edu'.  Your Solaris system's /etc/host probably
has the 'short' hostname as the default.  The Kerberos libraries do
a gethostbyname(gethostbyaddr()) of the IP address of the server host
to figure out the host service principal name.  You'd have to change
/etc/host so that the default hostname is the FQDN of the host.  (Or
else register the host principal using the short form of the hostname,
which is probably not a good idea, since there might at some later time
be another host in your domain whose first portion is also 'citest').

Mike

------------------------------------------------------------------------------
Mike Friedman                             System and Network Security
mikef at ack.Berkeley.EDU                    2484 Shattuck Avenue
1-510-642-1410                            University of California at Berkeley
http://ack.Berkeley.EDU/~mikef            http://security.berkeley.edu
------------------------------------------------------------------------------



More information about the Kerberos mailing list