Solaris9 server as client

Douglas E. Engert deengert at anl.gov
Mon Jun 21 09:01:58 EDT 2004



Pierre Goyette wrote:

> Douglas,
>
> With Solaris 9 (even up to Solaris 9 4/04), there is a bug that was
> introduced with patch 112908. With this patch installed, you can not
> properly authenticate when the Solaris 9 box is a Kerberos application
> server. The bug is in the pam_krb5.so.1 library. Sun has acknowledged
> the problem and will have a fix soon. I am not sure if this problem is
> affecting you but I thought it might help. If your syslog shows a line
> that shows pam_krb5 unable to set credentials, then this is the problem
> reported.
>

Its not my problem, I was responding to the e-mail of others. The problem
was with kinit not finding the KDC which should have nothing to do with PAM.

>
> Hth,
>
> Pierre Goyette
> Hummingbird Ltd.
>
> > -----Original Message-----
> > From: kerberos-bounces at mit.edu [mailto:kerberos-bounces at mit.edu] On
> Behalf
> > Of Douglas E. Engert
> > Sent: Sunday, June 20, 2004 4:59 PM
> > To: Judi Buff
> > Cc: kerberos at mit.edu
> > Subject: Re: Solaris9 server as client
> >
> >
> >
> > Judi Buff wrote:
> >
> > > I am on the domain tamug.edu trying to setup a Solaris9 server
> > > (tarpon.tamug.edu) as a client authenticating on KDC's in the realm
> > > TAMU.EDU.  In the krb5.conf file under [domain_realm] section I have
> > > added the following for my server's name '.tarpon.tamug.edu=TAMU.EDU
> and
> > > tarpon.tamug.edu=TAMU.EDU.
> >
> > The [domain_realm] section is used by a client to determine the realm
> of a
> > service.
> > You problem of the kinit not finding the realm of the user is not
> related
> > to the
> > [domain_realm].
> >
> > >
> > >
> > > When I use kinit username to connect, it comes back with the
> following
> > > error:
> > >
> > > % kinit judith-a-buff
> > > Password for judith-a-buff at TAMU.EDU:
> > > kinit: Cannot contact any KDC for requested realm while getting
> initial
> > > credentials
> > >
> >
> > This says it can not find a [realm] section for realm TAMU.EDU or the
> > kdc(s)
> > listed are not responding. Or it could not find DNS SRV records for
> the
> > KDC(s).
> > Or the KDCs are not responding.
> >
> > >
> > > The username and password being used have been verified as correct.
> Can
> > > you tell me what this means?
> >
> > How did you verify this?
> >
> > >
> > >
> > > Thank you,
> > >
> > > Judith Buff
> > > Computer Systems Mgr/WebCT Admin
> > > Texas A&M University at Galveston
> > > 200 Seawolf Parkway
> > > Galveston, Texas 77553
> > > (409) 740-4961
> > > Fax (409) 740-4450
> > >
> > > ________________________________________________
> > > Kerberos mailing list           Kerberos at mit.edu
> > > https://mailman.mit.edu/mailman/listinfo/kerberos
> >
> > --
> >
> >  Douglas E. Engert  <DEEngert at anl.gov>
> >  Argonne National Laboratory
> >  9700 South Cass Avenue
> >  Argonne, Illinois  60439
> >  (630) 252-5444
> >
> >
> > ________________________________________________
> > Kerberos mailing list           Kerberos at mit.edu
> > https://mailman.mit.edu/mailman/listinfo/kerberos

--

 Douglas E. Engert  <DEEngert at anl.gov>
 Argonne National Laboratory
 9700 South Cass Avenue
 Argonne, Illinois  60439
 (630) 252-5444




More information about the Kerberos mailing list