setup kerberos client
Sridhar Bandi
bandis at india.hp.com
Tue Apr 13 02:23:31 EDT 2004
Hi,
As you want to run gss-server on the linux machine, you have to have the
service principal sample1's key extracted into the linux machine's
default keytab file /etc/krb5.keytab.
If you want to use solaris m/c as a gss-client then you don't need
to extract any keys for the solaris m/c as you did.
So you just have to do:
1) add_principal <test_user>
2) add_principal sample1/<linux_machine>@<REALM.COM>
3) ktadd -k /etc/krb5.keytab sample1/<linux_machine>@<REALM.COM>
4.0) gss-server .... sample1 --------> on Linux m/c.
4.1) kinit <test_user> --------> on solaris m/c
4.2) gss-client .. sample1 "Hello World" ----> on solaris m/c
Good Luck.
Bandi
melissa_benkyo wrote:
>
> Hello all,
>
> its me againnn. :D
> I'm having trouble setting up a kerberos client on solaris 8. I'm
> running a kdc on a linux machine. and I want to use gss-server on the
> linux machine and run gss-client on the solaris machine. is this
> possible?
>
> steps that I did:
> 1) add_principal host/<solaris_machine_name>@<REALM.COM>
> 2) ktadd -k /etc/krb5.keytab host/<solaris_machine_name>@<REALM.COM>
> 3) ktadd -k </tmp/host.keytab> host/<solaris_machine_name>@<REALM.COM>
> [to the same thing for sample1/<solaris_machine_name>@REALM.COM>
> 4) ftp the host.keytab and sample1.keytab to the solaris machine
> 5) gss-server -port 44444 -verbose sample1
> output:
> GSS-API error acquiring credentials: Miscellaneous failure
> GSS-API error acquiring credentials: No principal in keytab matches
> desired name
> But if I use the sample/<linux_macine>
> output:
> GSS-API error acquiring credentials: Wrong rpincipal
>
> solaris client side
> 6) kinit <kerberos user> (OK!)
> 7) gss-client -port 44444 sample "hello world"
>
> can someone please tell me what I did wrong?
>
> thanks!
More information about the Kerberos
mailing list