Operating Systems & Kerbros

Gintautas Grigelionis g.grigelionis at computer.org
Fri Feb 14 03:17:46 EST 2003

Matthew Wronkowski wrote:

> We were unable to get Solaris 2.9 clients to authenticate with our MIT kerberos
> server.  We ended up installing MIT kerberos on the clients and uninstalling the
> Solaris kerberos packages. I'm not sure if this is normal or if other people
> have similar experiences.  Our environment is extremely heterogeneous so we
> normally ignore vendors kerberos implementations and use MIT instead. To note,
> our kdc was running NetBSD 1.5 with krb 1.2.2.  Solaris 2.9 clients use 1.2.5.
> Matthew

Isn't *BSD bundled with Heimdal ? I've seen that Solaris (and, perhaps,
MIT, too)
can't read keytabs created with Heimdal

# /usr/heimdal/sbin/ktutil list

Vno  Type           Principal                   
  1  des-cbc-crc    host/host at REALM
  1  des-cbc-md4    host/host at REALM
  1  des-cbc-md5    host/host at REALM
  1  des3-cbc-sha1  host/host at REALM

# ktutil
ktutil:  ?
Available ktutil requests:

clear_list, clear        Clear the current keylist.
read_kt, rkt             Read a krb5 keytab into the current keylist.
read_st, rst             Read a krb4 srvtab into the current keylist.
write_kt, wkt            Write the current keylist to a krb5 keytab.
write_st, wst            Write the current keylist to a krb4 srvtab.
delete_entry, delent     Delete an entry from the current keylist.
list, l                  List the current keylist.
list_requests, lr, ?     List available requests.
quit, exit, q            Exit program.
ktutil:  rkt /etc/krb5.keytab 
ktutil:  list
slot KVNO Principal
---- ----
   1    1             host/host at REALM
   2    1             host/host at REALM
   3    1             host/host at REALM
   4    1             host/host at REALM


More information about the Kerberos mailing list