Books on kerberos

Roger Ashby ashbyr at thruport.com
Wed Feb 19 00:45:33 EST 2003


Hello Jason, 

	I'm actually quite interested in reviewing any of your book.  Currently I'm 
trying to implement Kerberos across all of our many platforms here.  I've 
recently finished Kerberizing over 170 machines with Linux and Solaris 
installed (mostly Linux of different distros and versions).  I can personally 
attest to how difficult this was. Even though there seem to be a lot of 
guides on how to get things running, there are very few sources telling you 
what could go wrong, and what to look for when you get error messages.  
More often than not, when I typed an error that Kerberos spit out into Google, I 
got web pages with a list of possible Kerberos errors (programmers' guides I 
presume) which of course didn't help me at all.  Some of the most recent 
problems I've come across are: 

	I've opted to use the MIT version of Kerberos that comes with Redhat 7.3 as 
my KDC, and on the Solaris machines to use the SEAM Kerberos that comes with 
Solaris 8 and 9.  Now everything installs fine, but for some reason I can 
log in to some servers with eklogin and some servers prompt me for a password. I'm 
not sure what the difference between the machines could be; I've checked every 
file I can think of for differences. The funny thing is that I can rsh 
(encrypted) to all of these machines.  I've been unable to find anything on 
the net about this problem. 

	Secondly, we have several Windows 2000 and Win NT 4 servers that we 
want to kerberize. For some reason none of the very limited on-line guides 
seem to give sufficient information in the area that all the Kerberos 
documentation lacks, i.e., if it doesn't work look for X. I've used the ksetup 
program, mapped the user to a new user I created on the KDC. However, upon 
examination of the logs it seems that the machine is sending its name as 
simply its domain name without the localhost name.  I'm not sure why this 
is (as when I check, the identification is identified with a hostname, i.e., 
hostname.domainname.com) and I can't find any information on-line about this.

	Thirdly, there seems to be lots of documentation about how to turn OS X 
machines into client machines (apparently putting the kr5.conf configuration 
in a mit.edu.Kerberos file), however there is very little information about 
how to get to (install) utilities like kadmin so that I can create principals 
and keys for these machines remotely, and how to start servers like eklogin & 
krsh.


I'll end my grievances with current documentation now. I hope I've given you 
some areas to explore if you haven't already come across similar problems.  I 
think it's really great that you are writing this book.  It will be a much 
appreciated tome in the system engineer's library, and I'm happy to help in 
any way I can. :) 

-- 
Roger Nathanial Ashby                                           ____  o  o
System Engineer           o     ___/|__      o                 (_/\_)oo
                           o  _/       \  /|   o     ___/|__
Thruport Technologies, Inc   /  @ \\    \/ | o     _/       \  /|
5440 Cherokee Ave.           \_   //    /\ |   o  /  @ \\    \/ |
Alexandria, VA 22312           \_______/  \|      \_   //    /\ |
                                                    \_______/  \|
ashbyr at thruport.com			           http://www.thruport.com
-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-