Using Solaris 10 kadmin with MIT 1.4.1 kadmind

Nicolas Williams Nicolas.Williams at sun.com
Thu Jun 2 15:28:17 EDT 2005


Known bug.

Our RPCSEC_GSS APIs force us to use hostbased princs for the server, and
MIT krb5, though it now implements RPCSEC_GSS, did not match this behaviour.

On Thu, Jun 02, 2005 at 02:20:36PM -0500, Douglas E. Engert wrote:
> While trying to use the Solaris 10 Kerberos, most things  in a mixed
> environment sort of work, but the kadmin does not.
> 
> It appears that the Solaris 10 /usr/sbin/kadmin program is
> using the sun gss rpcs, and the MIT kadmind is not. The MIT kadmin
> is running on an older Solaris version.
> 
> The kadmin gets a ticket for the admin doug/admin at TEST.REALM for
> kadmin/kdc.test.anl.gov at TEST.REALM as shown by the KDC logs.
> 
> The Solaris 10 client says:
> kadmin: GSS-API (or Kerberos) error while initializing kadmin interface
> and syslog says:
> GSS-API error: rpc_gss_seccreate failed
> three times for the client.
> 
> This looks similar to the thread from 5/26-27 on
> "mixing sun solaris's rpc with mit's rpc"
> 
> Any one (especially at Sun) have a solution?
> 
> 
> 
> 
> -- 
> 
>  Douglas E. Engert  <DEEngert at anl.gov>
>  Argonne National Laboratory
>  9700 South Cass Avenue
>  Argonne, Illinois  60439
>  (630) 252-5444


More information about the Kerberos mailing list