setup kerberos client

melissa_benkyo wyl_lyf at yahoo.com
Tue Apr 13 09:44:03 EDT 2004


hi sridhar,

thanks for the reply. I did the steps you mentioned but the solaris
machine is looking up the sample/<solaris machine>@REALM.COM according
to the log. and if I add the sample/<solaris machine>@REALM.COM to the
keytab on the linux machine it says that the
> > GSS-API error acquiring credentials: Miscellaneous failure
> > GSS-API error acquiring credentials: No principal in keytab matches
> > desired name

any insights as to what the problem might be?

thanks!

Sridhar Bandi <bandis at india.hp.com> wrote in message news:<407B8436.20C99E70 at india.hp.com>...
> Hi,
> 
> As you want to run gss-server on the linux machine, you have to have the
> service principal sample1's key extracted into the linux machine's 
> default keytab file /etc/krb5.keytab.
> If you want to use solaris m/c as a gss-client then you don't need
> to extract any keys for the solaris m/c as you did.
> 
> So you just have to do:
> 
> 1) add_principal <test_user>
> 2) add_principal sample1/<linux_machine>@<REALM.COM>
> 3) ktadd -k /etc/krb5.keytab sample1/<linux_machine>@<REALM.COM>
> 
> 4.0) gss-server .... sample1 --------> on Linux m/c.
> 
> 4.1) kinit <test_user>       --------> on solaris m/c
> 4.2) gss-client .. sample1 "Hello World" ----> on solaris m/c
> 
> Good Luck.
> 
> Bandi
> 
> 
> melissa_benkyo wrote:
> > 
> > Hello all,
> > 
> > its me againnn. :D
> > I'm having trouble setting up a kerberos client on solaris 8. I'm
> > running a kdc on a linux machine. and I want to use gss-server on the
> > linux machine and run gss-client on the solaris machine. is this
> > possible?
> > 
> > steps that I did:
> > 1) add_principal host/<solaris_machine_name>@<REALM.COM>
> > 2) ktadd -k /etc/krb5.keytab host/<solaris_machine_name>@<REALM.COM>
> > 3) ktadd -k </tmp/host.keytab> host/<solaris_machine_name>@<REALM.COM>
> > [to the same thing for sample1/<solaris_machine_name>@REALM.COM>
> > 4) ftp the host.keytab and sample1.keytab to the solaris machine
> > 5) gss-server -port 44444 -verbose sample1
> > output:
> > GSS-API error acquiring credentials: Miscellaneous failure
> > GSS-API error acquiring credentials: No principal in keytab matches
> > desired name
> > But if I use the sample/<linux_macine>
> > output:
> > GSS-API error acquiring credentials: Wrong rpincipal
> > 
> > solaris client side
> > 6) kinit <kerberos user> (OK!)
> > 7) gss-client -port 44444 sample "hello world"
> > 
> > can someone please tell me what I did wrong?
> > 
> > thanks!


More information about the Kerberos mailing list