setup kerberos client

Sridhar Bandi bandis at india.hp.com
Tue Apr 13 02:23:31 EDT 2004


Hi,

As you want to run gss-server on the linux machine, you have to have the
service principal sample1's key extracted into the linux machine's 
default keytab file /etc/krb5.keytab.
If you want to use solaris m/c as a gss-client then you don't need
to extract any keys for the solaris m/c as you did.

So you just have to do:

1) add_principal <test_user>
2) add_principal sample1/<linux_machine>@<REALM.COM>
3) ktadd -k /etc/krb5.keytab sample1/<linux_machine>@<REALM.COM>

4.0) gss-server .... sample1 --------> on Linux m/c.

4.1) kinit <test_user>       --------> on solaris m/c
4.2) gss-client .. sample1 "Hello World" ----> on solaris m/c

Good Luck.

Bandi


melissa_benkyo wrote:
> 
> Hello all,
> 
> its me againnn. :D
> I'm having trouble setting up a kerberos client on solaris 8. I'm
> running a kdc on a linux machine. and I want to use gss-server on the
> linux machine and run gss-client on the solaris machine. is this
> possible?
> 
> steps that I did:
> 1) add_principal host/<solaris_machine_name>@<REALM.COM>
> 2) ktadd -k /etc/krb5.keytab host/<solaris_machine_name>@<REALM.COM>
> 3) ktadd -k </tmp/host.keytab> host/<solaris_machine_name>@<REALM.COM>
> [to the same thing for sample1/<solaris_machine_name>@REALM.COM>
> 4) ftp the host.keytab and sample1.keytab to the solaris machine
> 5) gss-server -port 44444 -verbose sample1
> output:
> GSS-API error acquiring credentials: Miscellaneous failure
> GSS-API error acquiring credentials: No principal in keytab matches
> desired name
> But if I use the sample/<linux_macine>
> output:
> GSS-API error acquiring credentials: Wrong rpincipal
> 
> solaris client side
> 6) kinit <kerberos user> (OK!)
> 7) gss-client -port 44444 sample "hello world"
> 
> can someone please tell me what I did wrong?
> 
> thanks!


More information about the Kerberos mailing list