setup kerberos client
Henry B. Hotz
hbhotz at oxy.edu
Tue Apr 13 15:05:12 EDT 2004
On Apr 12, 2004, at 5:12 PM, kerberos-request at mit.edu wrote:
> Date: 12 Apr 2004 14:36:33 -0700
> From: wyl_lyf at yahoo.com (melissa_benkyo)
> To: kerberos at MIT.EDU
> Subject: setup kerberos client
> Message-ID: <304f3217.0404121336.5f9d0b67 at posting.google.com>
> Precedence: list
> Message: 5
>
> Hello all,
>
> its me againnn. :D
> I'm having trouble setting up a kerberos client on solaris 8. I'm
> running a kdc on a linux machine. and I want to use gss-server on the
> linux machine and run gss-client on the solaris machine. is this
> possible?
>
> steps that I did:
> 1) add_principal host/<solaris_machine_name>@<REALM.COM>
> 2) ktadd -k /etc/krb5.keytab host/<solaris_machine_name>@<REALM.COM>
> 3) ktadd -k </tmp/host.keytab> host/<solaris_machine_name>@<REALM.COM>
> [to the same thing for sample1/<solaris_machine_name>@REALM.COM>
> 4) ftp the host.keytab and sample1.keytab to the solaris machine
> 5) gss-server -port 44444 -verbose sample1
> output:
> GSS-API error acquiring credentials: Miscellaneous failure
> GSS-API error acquiring credentials: No principal in keytab matches
> desired name
> But if I use the sample/<linux_macine>
> output:
> GSS-API error acquiring credentials: Wrong rpincipal
>
> solaris client side
> 6) kinit <kerberos user> (OK!)
> 7) gss-client -port 44444 sample "hello world"
>
> can someone please tell me what I did wrong?
>
> thanks!
The solaris server error message is what you get if it can't use the
keytab. Solaris 8 only supports DES-CBC-CRC and DES-CBC-MD5.
1) Make sure those are the only encryption types for the server
principal in on the KDC.
2) Re-create the keytab, making sure the kvno as well as the encryption
types match.
I expect the client error is a result of the server error.
------------------------------------------------------------------------
----
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz at jpl.nasa.gov, or hbhotz at oxy.edu
More information about the Kerberos
mailing list