Solaris9 server as client

Pierre Goyette pierre at montreal.hcl.com
Sun Jun 20 19:46:38 EDT 2004


Douglas,

With Solaris 9 (even up to Solaris 9 4/04), there is a bug that was
introduced with patch 112908. With this patch installed, you can not
properly authenticate when the Solaris 9 box is a Kerberos application
server. The bug is in the pam_krb5.so.1 library. Sun has acknowledged
the problem and will have a fix soon. I am not sure if this problem is
affecting you but I thought it might help. If your syslog shows a line
that shows pam_krb5 unable to set credentials, then this is the problem
reported.

Hth,

Pierre Goyette
Hummingbird Ltd.

> -----Original Message-----
> From: kerberos-bounces at mit.edu [mailto:kerberos-bounces at mit.edu] On
Behalf
> Of Douglas E. Engert
> Sent: Sunday, June 20, 2004 4:59 PM
> To: Judi Buff
> Cc: kerberos at mit.edu
> Subject: Re: Solaris9 server as client
> 
> 
> 
> Judi Buff wrote:
> 
> > I am on the domain tamug.edu trying to setup a Solaris9 server
> > (tarpon.tamug.edu) as a client authenticating on KDC's in the realm
> > TAMU.EDU.  In the krb5.conf file under [domain_realm] section I have
> > added the following for my server's name '.tarpon.tamug.edu=TAMU.EDU
and
> > tarpon.tamug.edu=TAMU.EDU.
> 
> The [domain_realm] section is used by a client to determine the realm
of a
> service.
> You problem of the kinit not finding the realm of the user is not
related
> to the
> [domain_realm].
> 
> >
> >
> > When I use kinit username to connect, it comes back with the
following
> > error:
> >
> > % kinit judith-a-buff
> > Password for judith-a-buff at TAMU.EDU:
> > kinit: Cannot contact any KDC for requested realm while getting
initial
> > credentials
> >
> 
> This says it can not find a [realm] section for realm TAMU.EDU or the
> kdc(s)
> listed are not responding. Or it could not find DNS SRV records for
the
> KDC(s).
> Or the KDCs are not responding.
> 
> >
> > The username and password being used have been verified as correct.
Can
> > you tell me what this means?
> 
> How did you verify this?
> 
> >
> >
> > Thank you,
> >
> > Judith Buff
> > Computer Systems Mgr/WebCT Admin
> > Texas A&M University at Galveston
> > 200 Seawolf Parkway
> > Galveston, Texas 77553
> > (409) 740-4961
> > Fax (409) 740-4450
> >
> > ________________________________________________
> > Kerberos mailing list           Kerberos at mit.edu
> > https://mailman.mit.edu/mailman/listinfo/kerberos
> 
> --
> 
>  Douglas E. Engert  <DEEngert at anl.gov>
>  Argonne National Laboratory
>  9700 South Cass Avenue
>  Argonne, Illinois  60439
>  (630) 252-5444
> 
> 
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos





More information about the Kerberos mailing list