Solaris using Kerberos
jhutz at cmu.edu
Tue Dec 7 20:00:26 EST 2004
On Tuesday, December 07, 2004 16:26:39 -0600 David A Flores
<David.A.Flores at uth.tmc.edu> wrote:
> Help anyone,
> We are using a Windows domain controller as a KDC and we are trying to
> authenticate a Solaris 9.0 OS box using Kerberos. The following is the
> command we use to create the keytab file:
> ktpass -princ host/dean19.uthsch.edu@UTHSCU.EDU -mapuser dean19 -pass *
> -out c:\dean19.keytab
> Once we create the keytab file we send it to the server via ssh. Attached
> are the pam.conf file and the krb5.conf that we configured. On the
> computer called dean19 we ran the ktutil
> rkt /etc/krb5/dean.keytab
> wkt /etc/krb5/krb5.keytab
Why are you doing this, instead of just renaming the file?
> After the rkt and the wkt commands we do a list and it shows a "slot KVNO
You haven't quoted the whole output, so I can't be sure, but I think what
you are describing here is the output you get when there are _no_ keys in
the keytab -- the text you quoted is the column headers.
> But when we try to login to the box we get the following error.
> Dec 7 16:27:38 dean19 login: [ID 537602 auth.error] PAM-KRB5 (auth):
> krb5_verify_init_creds failed: Key table entry not found
This is consistent with the key service key not being in the keytab.
-- Jeffrey T. Hutzelman (N3NHS) <jhutz+ at cmu.edu>
Sr. Research Systems Programmer
School of Computer Science - Research Computing Facility
Carnegie Mellon University - Pittsburgh, PA