MIT Kerberos and Solaris 10 Kerberos

Wyllys Ingersoll wyllys.ingersoll at
Wed Feb 9 08:59:17 EST 2005

edisonw at wrote:

>  e at wrote:
> > OK, I think I have fixed the services. I have: # svcs -v | grep
> > login online - 13:25:02 35
> > svc:/system/console-login:default online -
> > 13:25:11 - svc:/network/login:eklogin online -
> > 13:25:12 - svc:/network/login:klogin online -
> > 13:25:12 - svc:/network/login:rlogin (Just to make sure, those
> > ARE the correct versions? The ones I removed looked like:
 >> # svcadm disable svc:/network/klogin/tcp:default
 >> # svcadm disable svc:/network/eklogin/tcp:default
 >> The first entry in the svcs
> > listing is, I assume, my root console login via the terminal
> > server.) Or did I cancel the wrong two? If I use the MIT rlogin to
> > go to another server, this fails (and no message gets logged on the
> > KDC). I expect this is correct behaviour (needing the SEAM
> > version). So, where do I find the Solaris 10 SEAM version of

MIT rlogin client should work just fine with Solaris 10 rlogin
daemon, I have tested this myself many times.  If you are not
making a connection, then I would guess that eklogin and klogin
are not properly enabled.

The services you need to have running for Kerberized rlogin are:
online         Feb_04   svc:/network/login:eklogin
online         Feb_04   svc:/network/login:klogin

(svc:/network/login:rlogin is the non-kerberized version)

The ones you disabled - 

are from an earlier beta release. In the most recent S10 releases,
the profiles are defined as instances of the login profile:


See the difference?

> > rlogin? The rlogin in /bin seems to be the old, un-Kerberized one,
> > or is this actually a Kerberized one? In which case, it never seems

In Solaris 10, the stock rlogin, telnet, rsh, (etc) clients and servers
are already Kerberized, you do not need to download anything else
to get them to work.   Try "rlogin -x ", for example, it works.
See the manpages also, they have been updated to reflect the
new Kerberos options.

> > to get a connection, and again, doesn't log anything on the KDC. I
> > can use the Solaris 8/MIT rlogin to go from one of the old Solaris
> > 8/MIT systems to the Solaris 10 box. Thanks again. Rainer

Strange - you are saying that your Solaris 8/MIT rlogin client
connects to the S10 box, but a Solaris 10/MIT rlogin client
cannot talk to that same S10 server?    That doesn't make
sense and sounds like some sort of configuration error on
the client side.


More information about the Kerberos mailing list