MIT Kerberos and Solaris 10 Kerberos
Wyllys Ingersoll
wyllys.ingersoll at sun.com
Wed Feb 9 08:59:17 EST 2005
edisonw at duskmail.com wrote:
> e at atcoitek.com wrote:
>
> > OK, I think I have fixed the services. I have: # svcs -v | grep
> > login online - 13:25:02 35
> > svc:/system/console-login:default online -
> > 13:25:11 - svc:/network/login:eklogin online -
> > 13:25:12 - svc:/network/login:klogin online -
> > 13:25:12 - svc:/network/login:rlogin (Just to make sure, those
> > ARE the correct versions? The ones I removed looked like:
>> # svcadm disable svc:/network/klogin/tcp:default
>> # svcadm disable svc:/network/eklogin/tcp:default
>> The first entry in the svcs
> > listing is, I assume, my root console login via the terminal
> > server.) Or did I cancel the wrong two? If I use the MIT rlogin to
> > go to another server, this fails (and no message gets logged on the
> > KDC). I expect this is correct behaviour (needing the SEAM
> > version). So, where do I find the Solaris 10 SEAM version of
MIT rlogin client should work just fine with Solaris 10 rlogin
daemon, I have tested this myself many times. If you are not
making a connection, then I would guess that eklogin and klogin
are not properly enabled.
The services you need to have running for Kerberized rlogin are:
online Feb_04 svc:/network/login:eklogin
online Feb_04 svc:/network/login:klogin
(svc:/network/login:rlogin is the non-kerberized version)
The ones you disabled -
svc:/network/klogin/tcp:default
svc:/network/eklogin/tcp:default
are from an earlier beta release. In the most recent S10 releases,
the profiles are defined as instances of the login profile:
svc:/network/login:eklogin
svc:/network/login:klogin
svc:/network/login:rlogin
See the difference?
> > rlogin? The rlogin in /bin seems to be the old, un-Kerberized one,
> > or is this actually a Kerberized one? In which case, it never seems
In Solaris 10, the stock rlogin, telnet, rsh, (etc) clients and servers
are already Kerberized, you do not need to download anything else
to get them to work. Try "rlogin -x ", for example, it works.
See the manpages also, they have been updated to reflect the
new Kerberos options.
> > to get a connection, and again, doesn't log anything on the KDC. I
> > can use the Solaris 8/MIT rlogin to go from one of the old Solaris
> > 8/MIT systems to the Solaris 10 box. Thanks again. Rainer
Strange - you are saying that your Solaris 8/MIT rlogin client
connects to the S10 box, but a Solaris 10/MIT rlogin client
cannot talk to that same S10 server? That doesn't make
sense and sounds like some sort of configuration error on
the client side.
-Wyllys
More information about the Kerberos
mailing list