Operating Systems & Kerbros
Gintautas Grigelionis
g.grigelionis at computer.org
Fri Feb 14 03:17:46 EST 2003
Matthew Wronkowski wrote:
> We were unable to get Solaris 2.9 clients to authenticate with our MIT kerberos
> server. We ended up installing MIT kerberos on the clients and uninstalling the
> Solaris kerberos packages. I'm not sure if this is normal or if other people
> have similar experiences. Our environment is extremely heterogeneous so we
> normally ignore vendors kerberos implementations and use MIT instead. To note,
> our kdc was running NetBSD 1.5 with krb 1.2.2. Solaris 2.9 clients use 1.2.5.
>
> Matthew
Isn't *BSD bundled with Heimdal ? I've seen that Solaris (and, perhaps,
MIT, too)
can't read keytabs created with Heimdal
# /usr/heimdal/sbin/ktutil list
FILE:/etc/krb5.keytab:
Vno Type Principal
1 des-cbc-crc host/host at REALM
1 des-cbc-md4 host/host at REALM
1 des-cbc-md5 host/host at REALM
1 des3-cbc-sha1 host/host at REALM
# ktutil
ktutil: ?
Available ktutil requests:
clear_list, clear Clear the current keylist.
read_kt, rkt Read a krb5 keytab into the current keylist.
read_st, rst Read a krb4 srvtab into the current keylist.
write_kt, wkt Write the current keylist to a krb5 keytab.
write_st, wst Write the current keylist to a krb4 srvtab.
delete_entry, delent Delete an entry from the current keylist.
list, l List the current keylist.
list_requests, lr, ? List available requests.
quit, exit, q Exit program.
ktutil: rkt /etc/krb5.keytab
ktutil: list
slot KVNO Principal
---- ----
--------------------------------------------------------------------------
1 1 host/host at REALM
2 1 host/host at REALM
3 1 host/host at REALM
4 1 host/host at REALM
Gintas
More information about the Kerberos
mailing list